Latest software news and updates

Pale Moon 33.7.0

Pale Moon is an Open Source, Goanna-based web browser available for Microsoft Windows, Linux and Android, focusing on efficiency and ease of use. Make sure to get the most out of your browser!

Pale Moon offers you a browsing experience in a browser completely built from its own, independently developed source that has been forked off from Firefox/Mozilla code, with carefully selected features and optimizations to improve the browsers speed, resource use, stability and user experience, while offering full customization and a growing collection of extensions and themes to make the browser truly your own.

Features:

  • Optimized for modern processors
  • Based on proprietary optimized layout engine (Goanna)
  • Safe: forked from mature Mozilla code and regularly updated
  • Secure: Additional security features and security-aware development
  • Supported by our user community, and fully non-profit
  • Familiar, efficient, fully customizable interface
  • Support for full themes: total freedom over any elements design
  • Support for easily-created lightweight themes (skins)
  • Smooth and speedy page drawing and script processing
  • Increased stability: experience fewer browser crashes
  • Support for many Firefox extensions
  • Support for a growing number of Pale Moon exclusive extensions
  • Extensive and growing support for HTML5 and CSS3
  • Many customization and configuration options

Pale Moon 33.7.0 release notes:

  • Implemented CSS two-location color stop logic. This allows for two-location color stops (`color x% y%`) in gradients, which is shorthand for `color x%, color y%` where both colors are equal.
  • Our minimum GCC version requirement to build is now 9.1.
  • Improved channel handling when CSP blocks network redirects.
  • Implemented several fixes for CORS preflight requests.
  • Added explicit whitelisting from CSP content loading of javascript: scheme URLs.
  • Updated the ffvpx library to 6.0.1, this time preventing video color range regressions. An update to 6.0 was previously backed out in 33.5.0.
  • Updated the JPEG-XL library to 0.11.1 to pick up several fixes and improve decoding compatibility of jxl files.
  • Updated the SQLite library to 3.49.1.
  • Fixed a spec compliance issue with DOMRect and DOMQuad returning 0 if NaN was present. We now return NaN in that case, per spec.
  • Fixed a spec compliance issue with NTLM authentication. We now compute Channel Binding Hashes using the certificate signature's hash algorithm, per spec.
  • Note that particularly weak algorithms are not used and SHA256 will be used as a minimum, instead, in those cases.
  • Fixed a buildability issue on Mac with XCode 16.3.
  • Added some additional safety checking to SharedArrayBuffers.
  • Added some additional safety checking to XSLT compilation and transformation.
  • Windows only: Added a preference widget.windows.follow_shortcuts_on_file_open to control how Windows File Open dialogs handle shortcut links. See implementation notes.
  • Security bugs addressed: CVE-2025-3028 (DiD) and CVE-2025-3033 (see implementation notes).

Implementation notes:

  • Windows only: This version introduces a new (numeric) preference to control how the "Open File" dialogs handle shortcut links in the file system.
  • A low-severity security issue (CVE-2025-3033) was found that in some specific circumstances could allow a malicious actor to convince a user to upload an unintended file from their file system with a specially-crafted shortcut file. To mitigate this, a special flag can be passed to File Open dialogs which prevent the dialogs from parsing shortcut links and navigating to target files and folders based on the shortcut file contents. This can be controlled with the newly-added preference. Since this flag, when set, also prevents users from navigating "through" shortcuts to folders (from e.g. the desktop) and would instead open/attach/upload the shortcut file itself, this would be disruptive to many users' workflows. Considering the major usability drawback and the low-severity nature of the security issue (which would require considerable social engineering to pull off), Pale Moon, at least for the time being or until a better solution is found, will continue allowing the following of shortcuts and navigating through them to target folders and files in File Open dialogs. If you are overly cautious, you may want to set this preference to the value 0 which always prevents shortcut parsing and following. For everyone else, just a warning to please stay safe and never follow strange sequences of instructions from strangers that you don't exactly know what they do (and never take their explanations at face value).