Pale Moon

v33.6.1 (2025-03-11)
This is a security, bugfix and stability update.
Important: Mac
and FreeBSD builds will be updated soon. They are currently not yet
ready due to builder absence.
Changes/fixes:
Simplified some WASM code generation in the Ion JIT
compiler.
Fixed a crash in loading external resource maps.
Disabled potentially unsafe attempts at recovering JIT
operations.
Fixed some minor linking issues in about:rights.
Updated the embedded emoji font to fix incorrect display of
some of the wheelchair emoji.
Security issues addressed: CVE-2025-1934 (DiD).

v33.6.0.1 (2025-02-20)
This is an extra update to mitigate as much of the CloudFlare issues
leading to browser hangs and memory issues as possible on the web
browser side. Unfortunately CloudFlare still hasn't pulled their
scripts that seem to deliberately
cause these issues on Pale Moon and other independent browsers they
seem to want to keep from the websites they "protect". If you are
interested in learning more, check out the forum thread where we're discussing this issue.
Once again, please consider reporting any and all
occurrences of failing or looping CloudFlare checks on websites to
CloudFlare as well as the owners of affected websites (you may have to
temporarily use a Chromium-based browser to do this).
Changes/fixes:
Disabled CSP reporting temporarily to work around memory
issues caused by CloudFlare's scripting. While CSP reporting is
important to inform webmasters of issues with their content security
policies, not having the browser eat up all memory is more critical. We
do intend to re-enable this when the issue is resolved on CloudFlare's
side.
(省略されました)

v33.6.0 (2025-02-07)
This is a development, bugfix and security release.
Due to the fact that CloudFlare has been causing application crashes
that impacts many users, this release has been pulled forward a few
days to address these crashes with priority (should be fixed in this
release).
Please note that at the time of publication of this browser version and
release notes, even though crashes have been fixed, CloudFlare is
denying UXP-based browsers as well as several other independent/smaller
browsers access to many websites by way of their malfunctioning
"security check" or captcha, with no
priority given to actually fix it despite it being denial of service
for users of affected browsers. Please consider reporting any and all
occurrences of a failing or looping CloudFlare checks on websites to
CloudFlare as well as the owners of affected websites (you may have to
temporarily use a Chromium-based browser to do this).
Changes/fixes:
Implemented a content sniffer for ADTS and raw AAC audio.
Implemented AbortSignal.abort() and stub AbortSignal.timeout().
(省略されました)

v33.5.1 (2025-01-15)
This is a small bugfix and security release.
Changes/fixes:
Changed the way cookies are handled internally to fix an
issue with cookie database corruption as a result of updates to domain
suffixes.
Fixed an issue with Alternative-Services protocol
negotiation.
Fixed a potential crash scenario with Structured Clone
operations. DiD
Fixed a potential issue with line breaking if out of memory.
Fixed a rare crash with opportunistic encryption.
Minor code cleanup.
Security issues addressed: CVE-2025-0239 and CVE-2025-0238.
2009-2025 Moonchild Productions - All rights reserved
Important legal considerations surrounding Pale Moon.

v33.5.0 (2024-12-05)
This is a development, bugfix and security release.
Note: Intel Mac builds are now "ad hoc" signed instead of unsigned,
which should solve potential issues with newer macOS while still being
compatible with old OS X. If you experience issues, please post in the Mac
board on the forum for support.
Changes/fixes:
Implemented Regular Expression "match indices" (/d) feature.
Added a way to programmatically clear the DNS cache in the
browser, and added a button to the UI for it in about:networking.
Updated handling of referrer policies to adhere to the
updated spec.
CSS font variations keywords no longer throw
an error. See implementation notes.
CSS border-radius will now also apply to
element outlines.
Improved the display of amount of cached web content in
preferences when cache is being cleared.
Improved the installer AVX check to skip on early versions
(省略されました)

v33.4.0.1 (2024-10-09)
This is a small update to address two important issues:
Extension compatibility issues with the ghostbuster
(leading to tab handling problems).
Windows 7 compatibility issues in 32-bit builds on some
systems (leading to application UI paint failures/black window).

v33.4.0 (2024-10-08)
This is a development, bugfix and security release.
Changes/fixes:
Introduced the "ghostbuster" concept; this is an automated
internal mechanism to attempt cleanup of particularly problematic web
content after a tab or window is closed. See implementation notes.
Added support for the PROT_MPROTECT security feature on
targets that use it (notably PaX and NetBSD).
Implemented preferences to give the user control over the
Same-Origin Policy (SOP) and CORS preflight. See implementation notes.
Improved buildability on NetBSD and Altivec architectures.
Fixed building issues on Apple Silicon Mac with XCode 16.
Added workarounds for non-standard MSE/WebM/VPx encoding on
YouTube that could cause video buffering and halting issues.
Dev: Changed the default credentials mode for module
scripts from 'omit' to 'same-origin', aligning with mainstream.
Dev: Implemented getTransform and setTransform
with DOMMatrix arguments.
Dev: Implemented ES2023 Hashbang grammar proposal.
(省略されました)

v33.3.1 (2024-09-10)
This is a minor security and bugfix update.
Changes/fixes:
Backed out support for FFmpeg 7.0/libavcodec 61 (Linux) due
to it causing a major regression in WebAudio (broken on all platforms).
This is being worked on to re-land at a later date.
Restricted the NotifyPaintEvent interface to
chrome code only; there is no reason (other than potential
tracking/fingerprinting) to have this accessible from content.
Fixed a potentially exploitable issue in JavaScript (FetchName).
Fixed a code correctness issue in XPConnect when creating
sandboxes. DiD
Added a warning for using externally handled usenet
protocols.
Security issues addressed: CVE-2024-8383 and CVE-2024-8381.
processor with AVX capabilities! Please keep an eye on the forum for

v33.3.0 (2024-08-13)
This is a major development update.
Important
notes with this version:
From this version forward, all 64-bit releases require a
processor with AVX capabilities! Please keep en eye on the forum for
announcements of 64-bit SSE builds by the community if you are on
particularly old or otherwise limited hardware that does not support
AVX.
For Linux users: Starting with this version, our binaries
are built with gcc 11 on a still conservative but more modern build
platform (Oracle Linux 8). As a result, there may be some lib
incompatibilities if you are still running on a particularly old distro
for some reason. While we try to serve as broad of a Linux base as
possible with our binaries, our lowest common denominator will
occasionally shift to newer distros as a result of O.S. life cycles,
compiler capabilities and available libraries.
Changes/fixes:
Implemented the bulk of the CSS "cascade layers" spec (@layer{}).
(省略されました)

v33.2.1 (2024-07-15)
This is a bugfix and security update.
Changes/fixes:
Fixed a crash in CSS grid layout.
Set hidden HTML elements to actually always be hidden.
Updated NSS to 3.90.3.
Updated SQLite to 3.46.0.
Fixed an issue with setting of cookies.
Fixed an issue in Linux IPC code.
Fixed an issue with DNS prefetching (disabled by default).
Security issues addressed: CVE-2024-6611, CVE-2024-6612 DiD and several others
(mostly DiD) that do not
have a CVE number assigned.
Implemented coarser, user-configurable granularity for the

v33.2.0 (2024-06-18)
This is a development, stability and security release.
Note: Mac builds have
switched to Xcode 15 and are now cross-compiled from Apple silicon for
Intel targets. While the resulting builds have been tested on a few
Intel Mac systems, this is a big build change, so please get in touch
through our forum
if you experience any issues with these builds on Mac.
New features:
Implemented the missing parts of the html5 <dialog>
element, including modal handling and custom backdrops.
Implemented courser, user-configurable granularity for the
canvas poisoning anti-fingerprinting measure. See implementation notes.
Implemented new CSS viewport units svw, svh,
svmin, svmax, lvw, lvh,
lvmin, lvmax, dvw, dvh,
dvmin and dvmax.
Implemented new CSS logical viewport units vb,
vi, svb, svi, lvb,
(省略されました)