|バージョン||27.8.1 27.8.0 27.7.2 27.7.1 27.7.0 27.6.2 27.6.1 27.6.0 27.5.1 27.5.0 184.108.40.206|
2018/03/06 ver 27.8.1
This is a small update to address some breaking issues.
Backed out the NSPR/NSS update from 27.8.0 for causing
crashes, general operational instability and handshake issues.
Disabled TLS 1.3 draft support by default, because with the
NSS backout we only support an older draft right now that is no longer
current and may cause connectivity issues. You can manually re-enable
it at your own risk in about:config by setting security.tls.version.max
2018/03/02 ver 27.8.0
This is a development update with new and improved features and
Added support for emojis on Windows systems that have
relatively poor support for them with standard font sets by including
our own font (EmojiOne based for now).
Added a setting in preferences to select the use of tab
previews with Ctrl+Tab.
Added Eyedropper menu entry to the AppMenu.
Added a preference to control whether the text cursor
(caret) should be thicker when dealing with CJK characters or not
(default = yes).
Added URL fix-ups for schemes (mis-typed "ttp://" etc.).
Added support for ES6 "Symbol species".
Updated our TLS 1.3 support to the latest (probably final)
Fixed gap inconsistency in the tabstrip.
Fixed a number of browser crashes.
2018/02/01 ver 27.7.2
This is a security and stability update.
Changed the X-Content-Type-Options: nosniff
behavior to only check "success" class server responses, for web
Changed the performance timer resolution once more to a
granularity of 1 ms, after evaluating more potential ways of abusing
This takes the most cautious approach possible lacking more information
(because apparently NDAs have been signed over this between mainstream
players), follows Safari's lead, and should make it not just infeasible
but downright impossible to use these timers for nefarious purposes in
Improved the debug-only startup cache wrapper to prevent a
Fixed a crash in the XML parser.
Added a check for integer overflow in AesTask::DoCrypto()
2018/01/18 ver 27.7.1
This is a minor emergency update to address website breakage and a
Added support for Array.prototype[@@unscopables].
was incomplete, which caused a number of websites (e.g. Chase on-line
banking, some Russian government sites) to display blank or not
complete loading after updating to that version of the browser. This
update should fix the problem by adding the missing part of the feature.
Fixed an issue with the default theme causing tab borders
to be drawn too thick at higher settings for visual element scaling
(125%/150%) in Windows.
2018/01/16 ver 27.7.0
This is a stability and bugfix release, as well as adding a number of
new features to further improve web compatibility.
Reorganized access to preferences (moved to the Tools menu
on Linux, and renamed from "Options" to "Preferences" on Windows).
Renamed "Restart with add-ons disabled" to "Restart in Safe
Mode" to better reflect what it does.
Worked around an issue with some improperly-encoded PNG
files not decoding after our libpng update.
Fixed an issue on Mac builds not properly populating the
Added "My home page" as an option for new tabs.
Added an option to disable the 4th and 5th mouse buttons
(mouse.button4.enabled and mouse.button5.enabled,
Improved the resetting of non-default profiles.
Fixed an issue with details/summary having the incorrect
2017/11/29 ver 27.6.2
This is a security and minor bugfix update to the browser.
This will most likely be the last update for 2017, with the holidays
not far away.
Implemented the concept of so-called "cookie-averse
document objects" which is a security&privacy measure that blocks
certain web content from setting cookies. This mitigates
cookie-injection, which might help against "hidden" cookie tracking.
Mitigated some domain name spoofing through IDN by using
dotless-i and dotless-j with accents. (CVE-2017-7832)
Pale Moon will display these kinds of spoofed domains in punycode now
in the actual address bar.
Please note that the identity panel will always be able to help you on
secure sites when IDNs are in use to notice potential spoofing, as
opposed to relying on detection algorithms in the URL itself. As such,
some other issues like CVE-2017-7833 are already mitigated by us.
Fixed an issue with mixed-content blocking. (CVE-2017-7835)
2017/11/15 ver 27.6.1
This is a minor bugfix release to address some pressing issues people
Fixed a regression with new windows (opening two windows
from the command-line or file association, focus issues on new windows,
not loading the home page in a new window, etc.)
Aligned XHR with the currect spec to allow withCredentials.
Fixed an input element focus issue within handlers.
Fixed the processing of all-padding HTTP/2 frames to
prevent rare HTTP/2 hangups.
Updated CitiBank override to work around their login issues.
Updated Netflix override to a community-supplied one that
seems to satisfy their arbitrary restrictions better.
2017/11/08 ver 27.6.0
This is a major development update.
Dropped support for Direct2D 1.0 to avoid font rendering
issues. Windows installations not capable of using Direct2D 1.1 will
now fall back to software rendering. As a result, fonts may look
different from this version onwards if you are on Windows Vista or
Windows 7. Users on Windows 7 affected by this should install the Platform Update to re-enable Direct2D.
Updated the Brotli decoder library, and enabled support for
Brotli HTTP content-encoding by default.
Added notifications to inform users about WebExtensions not
being supported if they try to install them (as opposed to "extension
Added a number of DOM childNode convenience functions. This
should fix some lazy-loading frameworks.
(enjoy your LOLcats again!)
Changed automatic updates over to the new infrastructure.
Added extra proxy settings in Options, covering DNS lookups
through SOCKS v5 and automatic proxy authentication with known
2017/10/10 ver 27.5.1
Pale Moon: Release notes
This is a security and stability update to the browser, as well as
fixing some issues users have indicated.
Changed the default Windows 10 styling when no accent color
is aplied to black-on-white.
Changed the theme styling on Windows 10 when the system
window frame is used (menu bar enabled) to use the window manager
background directly, preventing visual lag updating the window color
when it changes.
Updated user agent overrides for DropBox, YouTube and
Yahoo to work around user agent sniffing issues.
Fixed a crash in the media subsystem.
Fixed a regression where video playback hardware
acceleration was disabled incorrectly on some systems.
Updated libhyphen to the latest upstream code to fix a
2017/09/26 ver 27.5.0
Pale Moon: Release notes
This is a major update furthering general development of the browser.
Added a menu option to restart the browser.
Added Windows-specific CSS parameters and queries for the
use of the system accent color. Added are parameters -moz-win-accentcolor
and -moz-win-accentcolortext, and the media query -moz-win-accentcolor-applies
to know if Windows is actively using an accent color.
Changed Windows' browser CSS sheet ot use variables
of hard-coding colors, simplifying its style and making it more
flexible. Further cleaned up the Windows 10 specific browser style.
Changed the theme on Windows 10 to use the new accent
colors and improve O.S. consistency.
Fixed some general inconsistencies in the Windows theme
on all Windows operating systems.
Updated Windows widgets to be able to pick up Windows 10
2017/08/29 ver 220.127.116.11
Pale Moon: Release notes
This is an out-of-band update for the portable version of the browser
This fixes a few issues in the portable shell regarding backups and
To update, please follow the recommended update procedure listed on the
Pale Moon Portable page.
This is a small update to address some security and stability issues.
Fixed a number of crashes.
Enabled the opt-in debugging feature to log SSL keys to a
file in all builds.
Added a fix for TLS 1.3 handshakes causing a browser
Handshakes should be considerably faster now and no longer
stall in the wrong circumstances.