Pale Moon Version 32.3.0 Released with Security Fixes

Started by Corrine, July 11, 2023, 03:02:50 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.


Pale Moon has been updated to version 32.3.0.  This is a major development further improving web compatibility and includes security fixes.


  • Added the (hidden) preference browser.history.menuMaxResults to allow users to control how many history entries are listed in the menu. Setting this to 0 will hide history menu entries altogether, and any positive number configures how many entries the entries are limited to. The default if not defined is 15.
  • Switched C++ language level used to C++14 on all platforms.
  • Web compatibility and scripting improvements:
    • Implemented geometry .from* static constructors for web compatibility.
    • Implemented partial support for CSS calc() in color keywords.
    • Implemented Array "find from last" feature (findLast and findLastIndex).
    • Implemented Object.hasOwn(object,property).
    • Implemented several additional Intl API methods and functions. This improves web compatibility with sites making use of things like hourCycle, advanced DateTimeFormat, Intl.Locale, and Intl as a constructor.
  • Cleaned up some unused code.
  • Removed support for Mozilla "experiment" type extensions.
  • Improved the JavaScript garbage collector's sweeping. This should fix a few intermittent crashes and improve performance.
  • Implemented some structural changes to the source to make future porting easier, and preparing for switching to C++17.
  • Removed handling of symlinks for directory linstings to prevent potential security issues by walking symlinks when uploading. This effectively reverts a change made in Firefox 50 where this functionality was introduced. A case of "Not such a good idea after all" ;-)
  • Updated the list of extensions on Windows treated as "executable".
  • Security issues addressed: CVE-2023-37208.
  • Made preparations for for requiring Authorization in CORS ACAH preflight.
Since no browser honors this part of the spec at the moment this is left disabled until there is consensus among browsers.
  • UXP Mozilla security patch summary: 2 fixed, 2 rejected, 20 not applicable.


DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.