Pale Moon has been updated to version 34.0.0. This is a milestone update. There are many changes in this update, the most important of which are below.
New features:
- Our default theme on Windows received a refresh and update. It should integrate better with Windows 11 now, and be more responsive to dark accent colors, among other things.
- Implemented
WeakRef. See implementation notes. - Implemented
URL.canParse(). - Implemented the
inset-block and inset-inline CSS shorthands. - Added a preference (
privacy.forgetaboutsite.clearPasswords) to control clearing of passwords when using "forget about this site" in the permissions manager, and disabled clearing of passwords by default, since it was considered unexpected behavior by the community. - Changed our JavaScript PRNG to Xoroshiro128++ to make it more robust while keeping high performance.
Important updates and fixes:
- Re-landed CSS Cascade Layers support after the previous back-out.
- Re-landed CSS
color-mix support after the previous back-out. RGB and HSL color spaces only, like previous. - Implemented viewport overflow propagation logic. See implementation notes.
- Unprefixed CSS
-moz-appearance; Pale Moon now accepts the unprefixed CSS appearance keyword. For compatibility, -moz-appearance and -webkit-appearance (if enabled) have been retained, although the long-term plan is to eventually remove the -moz prefixed one, so if you are an extension or theme developer, please consider switching your CSS to use appearance without a prefix. - Fixed an intermittent but fairly prominent crash-to-desktop due to JavaScript garbage collection on certain modern sites.
- Fixed a crash on sites with certain types of CSP handling.
- Fixed a crash in WASM.
- Updated NSS to 3.90.9 (custom) to pick up several security and stability fixes.
- Updated ICU to v78.1. This is a major uplift for our internationalization subsystem, allowing further future developments for the Internationalization API.
- Updated Emoji support to Unicode 17.
- Updated our expat parser code to a more recent version (2.7.3), fixing various issues.
- Improved handling and rendering of emoji clusters.
Other changes:
- Added support for building on Sparc64 hardware.
- Added support for building for NetBSD on Alpha.
- Added basic support for building on Mac PowerPC (still a work in progress).
- Added basic support for building on LoongArch64 hardware (龍芯 CPUs).
- Added support for running on FreeBSD 15.
- Removed automatic coloring of auto-filled login fields as it would interfere with various browser and system color schemes.
If preferred, this can be reinstated by users with a userContent.css document or e.g. the Stylem extension by leveraging the :autofill CSS pseudo-class. - Restored support for in-process NPAPI plugins, allowing plugin use on systems where out-of-process is undesirable.
- Improved JavaScript IonMonkey stability on ARM and Mac SoC hardware.
- Linux GTK builds now always build with gio, and gconf support has been removed.
- Security issues addressed: CVE-2025-13015, CVE-2026-0879 (DiD), CVE-2026-0880 (DiD), CVE-2026-0889 (DiD), CVE-2026-0883, CVE-2026-0886 (DiD), and several others without a CVE designation.
*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Release Notes
Release Cycle
Remember - "A day without laughter is a day wasted."
