|バージョン||32.1.1 188.8.131.52 31.0.0 30.0.0 29.4.4 29.3.0 28.17.0 28.16.0 28.13.0 28.12.0 28.9.1|
This is a bugfix and security release.
Fixed a crash in CompareDocumentPosition with Shadow DOM.
Fixed a crash with display:contents styling.
Added a preference to disable the TLS 1.3 protocol
downgrade sentinel (see implementation notes).
Changed the way large clipboard copy/paste operations are
handled, improving privacy (see implementation notes).
Improved filename safety when saving files to prevent
potential environment leaks (bis).
Improved sanity checks of MIME type headers.
Security issues addressed: CVE-2023-29545 and
UXP Mozilla security patch summary: 2 fixed, 1 rejected, 49
Some proxies and middleware boxes improperly handle the TLS
1.3 protocol handshake causing an insecure downgrade to TLS 1.2. With
32-bit Windows only!
This is a rebuild of 31.4.1 for Windows 32-bit to address run-time
crashes on Windows 7 32-bit on older hardware.
This is a bugfix release.
Fixed wrong color of decoded JPEG-XL images.
Fixed an issue with plugins not receiving keypress events
This is a major development update, adding JPEG-XL image support among
Added support for the JPEG-XL image format.
Implemented regular expressions lookaround/lookbehind.
Aligned CORS header parsing with the updated spec. See
We no longer fire keypress events for non-printable keys.
Rejected security patches:
This means that patches were theoretically applicable to our code but
considered undesirable, which could be due to unwanted changes in
behavior, known regressions caused by the patches, or unnecessary risks
for stability, security or privacy.
This is a new milestone release.
After our unacceptable and recalled release of v30.0.0 and 30.0.1 with
the departure of one of the core devs from our team
requiring us to rewind and re-do several months of work to exclude
undesired code changes and what likely lay at the root of the plethora
of stability and run-time issues of the recalled versions, we're back
on track with a new milestone building on UXP and Goanna (v5.1) with
many improvements and additional user-requested features.
To prevent user confusion, we're skipping from 29 to 31.
Most important changes in this
We're once again accepting the installation of legacy
This is a
new milestone release!
Following the change in direction as announced on the forum and
directly driven by user feedback and community input, Pale Moon is
abandoning its own GUID (globally-unique identifier) and adopting
Firefox's GUID instead to provide maximum compatibility with old and
unmaintained Firefox extensions alongside those that are maintained on
our add-ons site.
Please understand that this gives more freedom for people to use
potentially incompatible and old/insecure browser extensions, but also
means we will have a more "hands-off" approach to it from this point
forward which as a consequence means you will have to resolve more
issues yourself and take more care, especially when using external/old
Please note that our current add-ons site will, for a while, serve both
older versions of Pale Moon and newer ones in a side-by-side manner,
and it is important that you do not
spoof your user agent when visiting the add-ons site or you may
Pale Moon Homepage
Pale Moon Start Page
Pale Moon Linux Site
Pale Moon Add-ons Site
Pale Moon Developer Site
Pale Moon Forum
The project >
Pale Moon branding
This is a development, bugfix and security update.
Changed the way dates and times are formatted in the UI to
properly adhere to the user's regional settings in the O.S.
Re-enabled the DOM Filesystem API for web compatibility.
Moved the global user-agent override to the networking
component. See implementation notes.
Worked around crashes and run-time issues with module
scripts. See implementation notes.
Fixed a website layout issue with table-styled elements
potentially overlapping when placed inside a flexbox.
Fixed some code logic issues with websockets.
Fixed a regression when waking the computer from standby
causing high CPU usage in some uncommon situations.
Updated the list of prohibited ports the browser can use.
See implementation notes.
Updated root certificates.
Windows: Changed the way downloaded files without an
This is a development and security update to the browser.
Note for Linux users:
With CentOS 6 going end-of-life, this version will be the last for
which we will be building 32-bit Linux official binaries to download.
While your distribution may choose to continue offering 32-bit versions
of the browser, built from source by the maintainers, we won't be
offering any further official 32-bit Linux binaries on our website.
Please check with your distribution's package maintainers to know if
further 32-bit support will be available on your particular flavor of
Aligned CSS tab-size with the specification
and un-prefixed it.
Updated Brotli library to 1.0.9.
Updated JAR lib code.
Optimized UI code, resulting in smaller downloads and less
space consumed on disk.
Changed the default Firefox Compatibility version number to
68.0 (since versions ending in .9 makes
This is a compatibility, bugfix and security update. Special thanks to
our new code contributors this cycle (you know who you are)!
Updated the included site-specific user-agent overrides for
a number of websites that need them.
Rewritten the browser's padlock code to use more modern
APIs and provide more accurate security status indication.
Now also with localized tooltips!
Fixed a missing close button on the undo prompt after
removing a thumbnail from the QuickDial new tab page.
Fixed an issue with the alternative stylesheet menu in the
browser's UI not working.
Implemented the use of intrinsic aspect ratios for images
to improve layout during load and page positioning.
Added a preference to the use of node.getRootNode
and disabled by default. See implementation notes.
Added CSS -webkit-appearance as an alias for -moz-appearance
to improve compatibility with websites that only try to use Chrome-specific
This is a development, bugfix and security update.
Added controls for WASM to the browser's preferences, and
enabled by default.
Enabled various arbitrarily-disabled CSS functions.
Added the use of basic path descriptors (i.e. polygon) to
css clip paths.
Implemented multithreaded request signal handling for the
Abort API. Please see implementation notes below.
Updated the included US-English dictionary, adding
approximately 2500 additional words.
Removed the DOM battery API. This was already disabled for
privacy reasons for a long while.
Fixed an erroneous warning displayed on toolkit-only
add-ons like supplied dictionaries.
Fixed an issue with the sessionstore tab load preference.
Improved the generation of the names of downloaded files to
prevent confusion. (CVE-2020-15658)
This is a minor security and bugfix release.
Re-imported the ExtensionStorage js module for use by
Fixed an issue with the WebRequest module having
erroneously un-processed build directives in it. This might have caused
some subtle breakage.
Removed the use of high-resolution Windows system timers
from the layout refresh driver; this should help with some performance
and battery life issues.
Fixed an issue where various parts of hardware acceleration
weren't properly linked when changing the option from preferences.
If you have changed the preferences option to "use hardware
acceleration when available" between 28.9.0 and this release, it is
recommended that you go into preferences and toggle the option off/on
to the preferred setting to correct any discrepancies.
Fixed an issue with building the user-agent string using
the build date as ID.
Fixed an issue with the release of document content viewers