Pale Moon Version 34.3.1 Released with Security Updates

[Corrine]

Pale Moon has been updated to version 34.3.1.  This is a security and bugfix update.

Changes/Fixes:

• Pale Moon will now exclude local resources from <base> CSP checks, aligning it with the rest of CSP handling.
• Fixed an issue where the devtools JSON viewer would, in some cases, make erroneous requests to remote servers.
• Updated libpng to 1.6.58+apng.
• Updated NSS to 3.90.12 (UXP), addressing multiple security issues.
• Fixed several intermittent and rare crashes.
• Security issues addressed: CVE-2026-12318 (CWE-125), CVE-2026-12322, CVE-2026-12292 (DiD), and multiple other issues that did not have a CVE designation at the time of patching.

Notes:
*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle