The Linux version will be released shortly.
Details from the Release Notes:
- Fixed a potentially exploitable crash related to text writing direction. (CVE-2016-5280)
- Made checking for invalid PNG files more strict. Pale Moon will now reject more PNG files that have corrupted/invalid data that could otherwise lead to potential security issues.
- Changed the way paletted image frames are allocated so the space is cleared before it's used. DiD
- Fixed a crash in nsNodeUtils::CloneAndAdopt() due to a typo. DiD
- Fixed several memory safety issues and crashes.
- Implemented a breaking CSP (content security policy) spec change; when a page with CSP is loaded over http, Pale Moon now interprets CSP directives to also include https versions of the hosts listed in CSP if a scheme (http/https) isn't explicitly listed. This breaks with CSP 1.0 which is more restrictive and doesn't allow this cross-protocol access, but is in line with CSP 2 where this is allowed.
- Fixed an issue with the XML parser where it would sometimes end up in an unknown state and throw an error (e.g. when specific networking errors would occur).
- Improved the performance of canvas poisoning by explicitly parallelizing it.
- Windows Vista/Windows 7/Windows 8/Server 2008 or later
- A processor with SSE2 support
- 256 MB of free RAM (512 MB or more recommended)
- At least 150 MB of free (uncompressed) disk space
- PM4XP (Pale Moon for XP) has reached end of support and has been replaced with Pale Moon for Atom.
- Linux version: Available from http://www.palemoon.org/contributed-builds.shtml