|バージョン||28.4.0 28.2.2 28.2.1 28.2.0 28.1.0 28.0.1 184.108.40.206 28.0.0 27.9.4 27.9.3 27.9.2|
2019/02/19 ver 28.4.0
Pale Moon: Release notes
This is a major development, stability and security release.
Removed more telemetry code from the platform.
Fixed implementation of the IntersectionObserver
API to avoid crashes, and enabled it by default.
Switched to the new ffmpeg decode API to avoid dropping of
Fixed a buffering issue in the WebP decoder that caused
intermittent browser crashes.
Improved resource-efficiency for internal stopwatch timers.
Improved handling of incorrectly-encoded CTTS in media
files, resolving some playback issues of videos.
Improved the Cycle Collector and Garbage Collector.
Improved fullscreen navigation bar handling in the
situation it has focus when switching to full screen.
Aligned instanceof with the final ES6 spec.
2018/12/06 ver 28.2.2
This is a minor update to address a few pertinent issues.
Changed the about:feeds icon for external applications to a
generic icon, since that kind of access to executables is no longer
allowed for security reasons.
Fixed issues with copying/pasting bookmarks in the Library
Fixed a crash occurring when using HTTP pipelining over
some (broken) proxies.
Fixed several issues with animated WebP display (animations
stopping, corrupted frames on lossy images, etc.)
Fixed an issue with the display of truncated GIF images.
Fixed an issue with deleting recent history not working
Fixed incorrect duplicate compatibility mode preferences in
2018/11/16 ver 28.2.1
This is a bugfix release to address critical usability issues with the
2018/11/14 ver 28.2.0
Pale Moon homepage
Pale Moon Start page
The project >
Pale Moon branding
Pale Moon layout
Donations and Support
2018/09/21 ver 28.1.0
This major update is focused on performance, security and some
regression and bug fixes.
Updated NSS to 3.38, removed TLS 1.3 draft version check
since it's considered final.
Reinstated RC4 as an optional encryption cypher for
non-standard environments (e.g. old routing/peripheral networked
hardware on LAN). RC4 and 3DES are marked weak and disabled, and will
never be used in the first handshake with a site, only as last-ditch
fallback when specifically enabled (meaning they won't show up on
ssllabs' test, for example).
Removed Telemetry accumulation calls, automatic timers and
stopwatches. This removes a very noticeable performance sink for all
operations on all platforms.
Fixed many occurrences of discouraged types of memory
access for primarily GCC 8 compatibility. This improves overall code
security as a defense-in-depth measure.
Re-implemented the pref-controlled custom background color
2018/08/31 ver 28.0.1
This is a bugfix point release to address serious performance
bottlenecks and general run-time issues (UI slowness, crashes, hangs)
with the browser. Once again this impacted 32-bit operating systems
more severely than 64-bit ones due to its more limited address space
that would get flooded with bogus data.
Backed out a Mozilla upstream patch causing issues with IPC
and texture allocation for the compositor.
Backed out a Mozilla upstream patch causing issues with
2018/08/28 ver 220.127.116.11
v18.104.22.168 (2018-08-28) - Windows only
This is a Windows-only update to address some stability/performance
issues that have popped up with the new milestone release on especially
The cause seems to be a compiler bug in Visual Studio 2015 with certain
optimizations. Although 64-bit does not seem to be directly affected,
we are still applying more cautious optimizations there too from this
point forward until we can figure out exactly what the cause is and
which (more aggressive) optimizations are safe to use.
2018/08/27 ver 28.0.0
Pale Moon for Windows
[SOON] Pale Moon for Mac
Pale Moon Portable
We are excited to bring you Pale Moon 28.0. This is a new major
milestone in Pale Moon's release history.
We are now building on the Unified
Platform which has been forked off from Mozilla's mozilla-central
point before Rust and Quantum to continue focus on the XUL interface
language and traditional browser extensions. Many thousands of things
have changed since the v27 (AKA "Tycho") versions, which can't possibly
all be listed here. Instead, the most pertinent improvements in this
release are highlighted here:
major upgrade and now supports all landmark features from the
ECMAScript standards as carried by mainstream browsers. This should put
2018/07/17 ver 27.9.4
This is a security and usability update.
Updated the useragent for addons.mozilla.org to work around
their "Only with Firefox" discrimination preventing users from
downloading themes, old versions of extensions, and other files with
Restricted web access to the moz-icon://
scheme that could potentially be abused to infringe the user's privacy.
Prevented various location-based threats. DiD
Fixed a potential vulnerability with plugins being
redirected to different origins (CVE-2018-12364).
Improved the security check for launching executable files
(by association) on Windows from the browser. For users who have (most
likely accidentally) granted a system-wide waiver for opening these
kinds of files without being prompted, this permission has been reset.
Fixed an issue with invalid qcms transforms
Fixed a buffer overflow using the computed size of canvas
2018/06/12 ver 27.9.3
This is a security update.
(CVE-2017-0381) Ported a patch from libopus upstream. Note,
contrary to that report, the libopus maintainers state they don't
believe remote code execution was possible, so this was not a critical
Fixed an issue with task counting in JS GC.
Fixed a use-after-free in
DOMProxyHandler::EnsureExpandoObject (thanks to Berk Cem G旦ksel for
Portable only: Included the previously omitted registry
helper. This may in some cases help with file/type associations.
2009-2018 Moonchild Productions - All rights reserved
2018/05/19 ver 27.9.2
This is a security and stability update.
We changed the language strings for softblocked items so
people will cry less when we do our job.
(CVE-2018-5174) Prevent potential SmartScreen bypass on
(CVE-2018-5173) Fixed an issue in the Downloads panel
improperly rendering some Unicode characters, allowing for the file
name to be spoofed. This could be used to obscure the file extension of
potentially executable files from user view in the panel.
(CVE-2018-5177) Fixed a vulnerability in the XSLT component
leading to a buffer overflow and crash if it occurs.
(CVE-2018-5159) Fixed an integer overflow vulnerability in
the Skia library resulting in possible out-of-bounds writes.
(CVE-2018-5154) Fixed a use-after-free vulnerability while
enumerating attributes during SVG animations with clip paths.
(CVE-2018-5178) Fixed a buffer overflow during UTF8 to