Why settle for a basic build of your Firefox browser on Windows Operating Systems when you can have one that performs 25% faster? Mozilla does not provide optimized browser packages for Windows, while many Linux ("from scratch") users get the advantage of a browser built specifically for their system. That needs to change! So, here is the Pale Moon project: Custom-built and optimized Firefox browsers for Windows Operating Systems. Make sure to get the most speed out of your browser.
Of course, getting a faster browser is not just about optimizing the compilation process (building a program from its source code), but also about carefully choosing features and how to choose the best setup. This means that this browser, however extremely close to Firefox, does not have all the functions that Firefox has. A few, carefully selected, features have been disabled that are not in high demand, and that do not interfere with the way web pages are displayed or function; all to maximize speed and efficiency of the browser. Please see the page with technical details to learn exactly what the browser supports, and what it doesn't support. In short, if you need accessibility features or parental controls, then please visit the firefox homepage and get the official, non-optimized build.
Features
- Highly optimized for current processors
- 100% Firefox sourced: As safe as the browser that has seen years of development.
- Uses slightly less memory because of disabled redundant and optional code
- Significant speed increases for page drawing and script processing
- Support for SVG and Canvas
- Support for Firefox extensions, themes and personas
What's New
This is a minor development and security update. Important: as of this version, our beta FreeBSD binaries require at least FreeBSD 13.
Changes/fixes:
- Restricted protocol fallback for TLS. Pale Moon no longer (by default) allows TLS 1.3 to fall back to earlier protocol versions during the initial handshake.
- Reverted the addition of browser.bookmarks.openInTabClosesMenu due to behavioral issues with menus.
- If you desire the intended behavior, please use an extension instead.
- We no longer support the data: protocol inside SVG's
- Enabled more validation/error checking for WebGL on Windows to prevent potential crashes.
- Improved secure context checking for iframes.
- Fixed the handling of relative paths in URLs starting with multiple forward slashes.
- Security issues addressed: CVE-2023-6204, CVE-2023-6210, CVE-2023-6209 and CVE-2023-6205 DiD
- UXP Mozilla security patch summary: 3 fixed, 1 DiD, 14 not applicable.
Pale Moon 32.5.0
Changes/fixes:
- Added an initial implementation of the ReadableStreams API, improving web compatibility with sites that apparently use this API in utilitarian fashion.
- Added support for transparency in WebM videos for the edge case of usi
- Added support for crypto.randomUUID to allow website scripting to generate random UUIDs (universally unique identifiers) through the WebCrypto interface.
- By user request, added a preference browser.bookmarks.openInTabClosesMenu (default true) to allow users to configure if they want to keep the bookmarks menu open if they open bookmarks from it in a new tab (by middle-clicking or Ctrl-clicking). The default behavior is to close the bookmarks menu like any other menu when an option in it is clicked.
- Removed the user-agent override for Netflix, since they have stopped supporting the Silverlight browser plugin. Pale Moon no longer has a way to provide Netflix DRM-controlled playback with them dropping it, so there is no longer a reason to try and force compatibility.
- Updated the user-agent override for Spotify. While it is possible to use the website with this, it suffers from the same DRM issue and not all media will be playable (only non-encumbered media can be played in Pale Moon like podcasts). Your mileage may vary.
- Implemented timer nesting and clamping for workers, preventing timer hangs on bad website code.
- Improved handling of drawing SVG images on canvases without explicit width or height attributes. We now follow the css-sizing-3 Intrinsic Sizes spec.
- Improved performance of our memory allocator.
- Updated libvpx to 1.6.1.
- Cleaned up and updated some media playback code.
- Removed the inclusion of GMP (Gecko Media Plugin) support from Pale Moon, as it was only in use for EME/DRM and WebRTC, neither of which we support.
- Removed the last vestiges of EME/DRM code from UXP, since this will never be supported in any application building on it due to the media industry's draconic policies around FOSS.
- Removed simd.js, moving actually used SIMD handling to C++.
- Removed the use of libav in our source, replacing its supply of FFT with the equivalent from FFMpeg.
- Fixed potential type confusion in IonMonkey due to 3-byte opcodes.
- Fixed an issue with tooltips persisting even if the browser window would have lost focus.
- Fixed PerformanceObserver navigation and resource timing (default disabled for privacy); our implementation now fully passes conformance tests.
- Fixed an issue where top-level SVG images would not be correctly clipped by positioned elements, giving the impression of wrong z-ordering as the SVG would overlap other elements.
- Dev: Updated setInterval to fall back to 0 if no duration is supplied.
- Dev: Updated ResizeObserver to a recent spec change, now returning an array of results for borderBoxSize and contentBoxSize instead of an object.
- Dev: Updated Intl.NumberFormat and DefaultNumberOption() to follow spec updates. Most importantly for web compatibility, we now allow the "maximumFractionDigits" option in Intl.NumberFormat to be less than the default minimum fraction digits for the chosen locale, following the general consensus in TC39 around this issue.
- Increased leniency (removed upper limit) of GLSL versions as they tend to be fully backwards compatible.
- Fixed various crashes.
- Added a safeguard to the sec-gpc header (Global Privacy Control) so it cannot be inadvertently overwritten.
- Security fixes: addressed CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5727 and several other issues without a CVE number assigned to them.
- UXP Mozilla security patch summary: 6 fixed, 2 DiD, 19 not applicable.
Pale Moon 32.4.1 release notes
- Fixed an issue in BigInt typedArray costructors.
- Added some safety checks for Performance Observers.
- Fixed JSON BigInt regressions.
- Fixed missing BigInt increment/decrement operations.
- Added WASM sign extension opcodes.
- Fixed an issue with dead Promise wrappers in JavaScript DiD
- Fixed an issue with Alternative Services DiD
- Fixed an issue with libvpx (address CVE-2023-5217) DiD
Previous release notes
- Fixed a WebP decoder issue (CVE 2023-4863)
- Implemented the BigInt primitive type for JavaScript. See implementation notes.
- Implemented Big(U)Int64 array support.
- Implemented ergonomic brand checks for JavaScript class fields.
- Aligned the Performance API with the Timeline v2 spec.
- Aligned the handling of flex/grid percentages resolving against the parent with other browsers. See implementation notes.
- Added or updated several user-agent overrides for problematic websites.
- Added 2 preferences to allow users to disable CSS animations and transitions. See implementation notes.
- Improved compatibility with MacOS 14.
- Fixed an important, intermittent JavaScript crash related to garbage collection.
- Fixed several crashes.
- Fixed several debug build related issues.
- Fixed an issue building on SunOS related to the spelling library.
- Developer: Added ASan support for building with MSVC.
- Added the .xll file extension to the executable extensions list.
- Security issues addressed: several potential security issues that do not have a CVE number. DiD
- UXP Mozilla security patch summary: 1 fixed, 3 DiD, 17 not applicable.
Implementation notes:
- The BigInt primitive (base number format) in JavaScript allows JavaScript to handle excessively large integers (whole numbers). This primitive is especially useful for specialized scientific applications that need very large yet accurate numbers, but has seen widespread adoption for an as of yet unknown reason as part of web frameworks, causing general web compatibility issues for Pale Moon when scripts expect BigInt support and instead have an error thrown. We have now implemented this primitive for use so we no longer have compatibility issues with these frameworks. It is still unknown why BigInt is in use there and for what. Critical note: BigInt might be tempting to consider for JS-backed cryptography but this is very ill-advised, as BigInt operations are, by their nature, not constant-time and allow timing and side-channel attacks.
- Flex and grid item sizes in percentages would previously be resolved against the parent like other elements, according to a very long-standing practice that stems from the Internet Explorer days. Mainstream browsers have, however, made an exception for flex items and grid items to no longer do this. We have now made the same exception for these types of elements which should solve layout issues on some websites (notably reserving too much space for items, often resulting in very large areas of whitespace or items being pushed out of view).
- Two preferences were added (layout.css.animation.enabled and layout.css.transition.enabled) to allow users to completely disable CSS-based animations and transition effects. This was a request by users as both a performance and accessibility consideration. Please note that in some cases, disabling animations and transitions may have an impact on final web page layout, so you may run into some issues when disabling these animations and transitions as the web pages were designed to use them.