Pale Moon has been updated to version 32.0.0. This is a milestone update.
The primary focus for this milestone is web compatibility, in particular Regular Expression extensions, standards compliance issues and further JPEG-XL support. This milestone now offers full coverage of the ECMAScript 2016-2020 JavaScript specifications, with the exception of BigInt primitives.
Most important changes:
*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Release Notes
The primary focus for this milestone is web compatibility, in particular Regular Expression extensions, standards compliance issues and further JPEG-XL support. This milestone now offers full coverage of the ECMAScript 2016-2020 JavaScript specifications, with the exception of BigInt primitives.
Most important changes:
- Implemented Regular Expression named capture groups.
- Implemented Regular Expression unicode property escapes.
- Re-implemented Regular Expression lookaround/lookbehind (without crashing this time).
- Implemented progressive decoding for JPEG-XL.
- Implemented animation for JPEG-XL.
- Renamed CSS offset-* properties to inset-* to align with the latest spec and the web.
- Fixed CSS inheritance and padding issues in some cases.
- Aligned parsing of incorrectly duplicated HSTS headers with expected behavior (discard all but the first one).
- Implemented a method to avoid memory exhaustion in case of (very) large resolution animated images.
- Updated the JPEG-XL and Highway libraries to a recent, stable version.
- Cleaned up some unused CSS prefixing code.
- Improved the ability to link on *nix operating systems with other linkers than gcc's default.
- Stability improvements (potential crash fixes).
- Security issues addressed: CVE-2023-23598, CVE-2023-23599 and several others that do not have a CVE number.
- UXP Mozilla security patch summary: 4 fixed, 2 DiD, 19 not applicable.
*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Release Notes