Pale Moon has been updated to version 33.2.0. This is a development, stability and security release.
New features:
- Implemented the missing parts of the html5 <dialog> element, including modal handling and custom backdrops.
- Implemented courser, user-configurable granularity for the canvas poisoning anti-fingerprinting measure. See implementation notes.
- Implemented new CSS viewport units svw, svh, svmin, svmax, lvw, lvh, lvmin, lvmax, dvw, dvh, dvmin and dvmax.
- Implemented new CSS logical viewport units vb, vi, svb, svi, lvb, lvi, dvb and dvi.
Changes/fixes:
- Removed the archaic and wholly outdated FIPS security module code.
- Removed the archaic DBM support code for storing of passwords in DBM format files.
- Removed the -moz prefix from -moz-fit-content, aligning with the current CSS standard fit-content value.
- Updated our build system by adopting parts of the old autoconf 2.13 as maintained code. autoconf 2.13 is no longer a build requirement. If you build from source, you may want to review your dependencies with this change.
- Fixed issues when building with GCC 14.* and Clang 16.*.
- Fixed issues with emoji sequence clusters causing incorrect rendering of emoji glyphs in some cases.
- Made some arguments to the legacy XPathEvaluator/XPathExpression interfaces optional for web compatibility.
- Fixed a crash when reporting JavaScript module exporting errors.
- Updated checking of special cookie prefixes to be case-insensitive in accordance with the current RFC 6265 (bis-11+).
- Fixed issues with external protocol handlers.
- Fixed an issue where autocomplete pop-ups would stay open in some circumstances.
- Fixed an issue with potentially bad file names being entered by the user to "Save As...".
- Fixed several crashes and race conditions.
- Security issues addressed: CVE-2024-5699, CVE-2024-5702 DiD, CVE-2024-5690, CVE-2024-5698 DiD, CVE-2024-5688 DiD, CVE-2024-5692 and several other security issues (some more DiD) that do not have CVE numbers assigned to them.
Notes:
*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Mac builds have switched to Xcode 15 and are now cross-compiled from Apple silicon for Intel targets. While the resulting builds have been tested on a few Intel Mac systems, this is a big build change, so please get in touch through our forum if you experience any issues with these builds on Mac.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Release Notes
Release Cycle
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...