Pale Moon has been updated to version 32.5.1. This is a minor development and security update.
Important: as of this version, our beta FreeBSD binaries require at least FreeBSD 13.
Changes/fixes:
*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Release Notes
Release Cycle
Important: as of this version, our beta FreeBSD binaries require at least FreeBSD 13.
Changes/fixes:
- Restricted protocol fallback for TLS. Pale Moon no longer (by default) allows TLS 1.3 to fall back to earlier protocol versions during the initial handshake.
- Reverted the addition of browser.bookmarks.openInTabClosesMenu due to behavioral issues with menus.
If you desire the intended behavior, please use an extension instead. - We no longer support the data: protocol inside SVG's <use> statements.
- Enabled more validation/error checking for WebGL on Windows to prevent potential crashes.
- Improved secure context checking for iframes.
- Fixed the handling of relative paths in URLs starting with multiple forward slashes.
- Security issues addressed: CVE-2023-6204, CVE-2023-6210, CVE-2023-6209 and CVE-2023-6205 DiD
- UXP Mozilla security patch summary: 3 fixed, 1 DiD, 14 not applicable.
*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Release Notes
Release Cycle