Pale Moon has been updated to version 33.5.0. This is a development, bugfix and security release.
Note: Intel Mac builds are now "ad hoc" signed instead of unsigned, which should solve potential issues with newer macOS while still being compatible with old OS X. If you experience issues, please post in the Mac board on the forum for support.
Changes/fixes:
- Implemented
Regular Expression "match indices" (/d) feature.
- Added
a way to programmatically clear the DNS cache in the browser, and added a
button to the UI for it in about:networking.
- Updated
handling of referrer policies to adhere to the updated spec.
- CSS
font variations keywords no longer throw an error. See
implementation notes.
- CSS border-radius will
now also apply to element outlines.
- Improved
the display of amount of cached web content in preferences when cache is
being cleared.
- Improved
the installer AVX check to skip on early versions of Windows 10 (which
don't support it).
- Updated
NSS to 3.90.5 (unofficial) to pick up some security fixes.
- Refreshed
the built-in list of effective top-level domains.
- Fixed
several application crashes.
- Reduced
unnecessary debug/informative messages in release builds (WebGL and CSP).
- Backed
out building against ffmpeg 6.0 and ffvpx 6.0 for causing a video playback
regression on full-range videos (levels 0-255).
- Cleaned
up a large amount of leftover Boot2Gecko code, simplifying code paths
throughout the code base.
- From
this version forward we also publish language packs for Persian (Farsi),
Hindi, Kannada and Vietnamese.
- Security
issues addressed: CVE-2024-11693 and CVE-2024-11704 (DiD).
Implementation notes:
- The
CSS font variations keywords (woff2-variations, truetype-variations,
etc.) allow webmasters to indicate format hints for @font-face font
resources so authors can provide alternative resources for browsers that
don't support tech(variations). The intent of these hints is to
provide an alternate font with variations in addition to regular fonts
without. Unfortunately, some webmasters don't indicate a base font the
variation font face would be an alternate for, which resulted in Pale Moon
throwing an error on the only @font-face src entry provided,
in turn having the web font not being loaded at all (because no valid
entry was found), breaking website layout. From this version onwards, we
parse the -variations keywords allowing variation alternative
font-faces to be loaded, even if no base font was specified. To webmasters
only supplying @font-face entries with variations keywords: please
understand the intent of this CSS 4 spec and always provide a base font
entry (graceful fallback).
*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.