Security > Security Alerts & Briefings

Pale Moon Version 31.0.0 Released with Security Updates


Pale Moon has been updated to version 31.0.0.  This is a milestone release following the recall of version 30.  From the Release Notes:Most important changes in this milestone:[*]We're once again accepting the installation of legacy Firefox extensions alongside our own Pale Moon exclusive extensions. As always, please note that using extensions for an old version of a different browser is entirely at your own risk and we obviously cannot and will not provide much (if any) support for their use. Firefox extensions will be indicated with an orange dot in the Add-ons Manager in the browser. This will include the converted extensions for the few of you who are coming from recalled versions with -fxguid suffixes.[*]Implemented "optional chaining" (thanks, FranklinDM!).[*]Implemented setBaseAndExtent for text selections.[*]Implemented queueMicroTask() "pseudo-promise" callbacks.[*]Implemented accepting unit-less values for rootMargin in Intersection observers for web compatibility, making it act more like CSS margin as one would expect.[*]Improvements to CSS grid and flexbox rendering and display following spec changes and improving web compatibility.[*]Improved performance of parallel web workers in JavaScript.[*]Improved display of cursive scripts (on Windows). Good-bye Comic Sans![*]Updated various in-tree libraries.[*]Added support for extended VPx codec strings in media delivery via MSE (RFC-6381).[*]Fixed a long-time regression where the browser would no longer honor old-style body and iframe body margins when indicated in the HTML tags directly instead of CSS. This improves compatibility with particularly old and/or archived websites.[*]Fixed several crashes and stability issues.[*]Added a licensing screen to the Windows installer to clarify the browser's licensing. In other installations, you may find this licensing statement in the added license.txt file in the browser installation location.[*]Removed all Google SafeBrowsing/URLClassifier service code.[*]Restored Mac OS X code and buildability in the platform.[*]Removed the non-standard ArchiveReader DOM API that was only ever a prototype implementation.[*]Removed most of the last vestiges of the invasive Mozilla Telemetry code from the platform. This potentially improves performance on some systems.[*]Removed leftover Electrolysis controls that could sometimes trick parts of the browser into starting in a (very broken) multi-process mode due to some plumbing for it still being present, if users would try to force the issue with preferences. Obviously, this was a footgun for power users.[*]Removed more Android/Fennec code (on-going effort to clean up our code).[*]Removed the Marionette automated testing framework.[*]Security issues addressed: CVE-2022-29915, CVE-2022-29911, and several issues that do not have a CVE number.[*]UXP Mozilla security patch summary: 4 fixed, 1 DiD, 19 not applicable**.[/list]*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update:  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes


[0] Message Index

Go to full version