|バージョン||28.0.1 188.8.131.52 28.0.0 27.9.4 27.9.3 27.9.2 27.9.1 27.9.0 27.8.3 27.8.2 27.8.1|
2018/08/31 ver 28.0.1
This is a bugfix point release to address serious performance
bottlenecks and general run-time issues (UI slowness, crashes, hangs)
with the browser. Once again this impacted 32-bit operating systems
more severely than 64-bit ones due to its more limited address space
that would get flooded with bogus data.
Backed out a Mozilla upstream patch causing issues with IPC
and texture allocation for the compositor.
Backed out a Mozilla upstream patch causing issues with
2018/08/28 ver 184.108.40.206
v220.127.116.11 (2018-08-28) - Windows only
This is a Windows-only update to address some stability/performance
issues that have popped up with the new milestone release on especially
The cause seems to be a compiler bug in Visual Studio 2015 with certain
optimizations. Although 64-bit does not seem to be directly affected,
we are still applying more cautious optimizations there too from this
point forward until we can figure out exactly what the cause is and
which (more aggressive) optimizations are safe to use.
2018/08/27 ver 28.0.0
Pale Moon for Windows
[SOON] Pale Moon for Mac
Pale Moon Portable
We are excited to bring you Pale Moon 28.0. This is a new major
milestone in Pale Moon's release history.
We are now building on the Unified
Platform which has been forked off from Mozilla's mozilla-central
point before Rust and Quantum to continue focus on the XUL interface
language and traditional browser extensions. Many thousands of things
have changed since the v27 (AKA "Tycho") versions, which can't possibly
all be listed here. Instead, the most pertinent improvements in this
release are highlighted here:
major upgrade and now supports all landmark features from the
ECMAScript standards as carried by mainstream browsers. This should put
2018/07/17 ver 27.9.4
This is a security and usability update.
Updated the useragent for addons.mozilla.org to work around
their "Only with Firefox" discrimination preventing users from
downloading themes, old versions of extensions, and other files with
Restricted web access to the moz-icon://
scheme that could potentially be abused to infringe the user's privacy.
Prevented various location-based threats. DiD
Fixed a potential vulnerability with plugins being
redirected to different origins (CVE-2018-12364).
Improved the security check for launching executable files
(by association) on Windows from the browser. For users who have (most
likely accidentally) granted a system-wide waiver for opening these
kinds of files without being prompted, this permission has been reset.
Fixed an issue with invalid qcms transforms
Fixed a buffer overflow using the computed size of canvas
2018/06/12 ver 27.9.3
This is a security update.
(CVE-2017-0381) Ported a patch from libopus upstream. Note,
contrary to that report, the libopus maintainers state they don't
believe remote code execution was possible, so this was not a critical
Fixed an issue with task counting in JS GC.
Fixed a use-after-free in
DOMProxyHandler::EnsureExpandoObject (thanks to Berk Cem G旦ksel for
Portable only: Included the previously omitted registry
helper. This may in some cases help with file/type associations.
2009-2018 Moonchild Productions - All rights reserved
2018/05/19 ver 27.9.2
This is a security and stability update.
We changed the language strings for softblocked items so
people will cry less when we do our job.
(CVE-2018-5174) Prevent potential SmartScreen bypass on
(CVE-2018-5173) Fixed an issue in the Downloads panel
improperly rendering some Unicode characters, allowing for the file
name to be spoofed. This could be used to obscure the file extension of
potentially executable files from user view in the panel.
(CVE-2018-5177) Fixed a vulnerability in the XSLT component
leading to a buffer overflow and crash if it occurs.
(CVE-2018-5159) Fixed an integer overflow vulnerability in
the Skia library resulting in possible out-of-bounds writes.
(CVE-2018-5154) Fixed a use-after-free vulnerability while
enumerating attributes during SVG animations with clip paths.
(CVE-2018-5178) Fixed a buffer overflow during UTF8 to
2018/05/07 ver 27.9.1
This is a maintenance release.
Removed the unused/incomplete places protocol handler.
Worked around an issue with MSE media without a Track ID.
This should help with the playability of some live streams.
Ported across jemalloc improvements from UXP.
Ported across cairo mutex improvements from UXP.
Added support for FFmpeg 4.0/libavcodec 58.
Added a fix for Windows 10's "isAlpha()" not being what one
would expect in v1803.
2018/04/17 ver 27.9.0
This is the last major development update for the v27 milestone
After this, we will be focusing our efforts for new features entirely
on UXP and the new v28 milestone building on it. We will continue to
support v27.9 with security and stability updates for a while, but no
major new features will be added from this point forward.
Fixed a number of spec compliance issues in our media
Added a trailing slash to referrers when policy is set to
fix some web compatibility issues.
Fixed the property order in
Object.getOwnPropertyNames(string) and others for web compatibility.
Updated RegExp(RegExp object, flags) to the ES6 standard
Changed the embedded font from the no longer free EmojiOne
to the open-licensed Twemoji (with additional fixes). This also further
extends unicode support to Unicode 10 emoji(s). Please note that as a
2018/03/29 ver 27.8.3
This is a small update to address a pervasive crashing issue.
Backed out some responsive layout code that caused
intermittent but not uncommon crashes in the browser depending on
window sizes and page content.
2018/03/23 ver 27.8.2
This is a security update.
Privacy fix: prevented update checks for the default theme.
Added a user-agent override for Dropbox to improve
compatibility with their service.
Fixed an issue with mouseover handling related to
Disabled the Mac OSX Nano allocator. DiD
Fixed (CVE-2018-5129) OOB Write.
Updated the lz4 library to 1.8.0 to solve potential issues.
Fixed (CVE-2018-5137) Path traversal on chrome:// URLs
Fixed several memory safety an synchronicity hazards.
DiD This means that
2018/03/06 ver 27.8.1
This is a small update to address some breaking issues.
Backed out the NSPR/NSS update from 27.8.0 for causing
crashes, general operational instability and handshake issues.
Disabled TLS 1.3 draft support by default, because with the
NSS backout we only support an older draft right now that is no longer
current and may cause connectivity issues. You can manually re-enable
it at your own risk in about:config by setting security.tls.version.max