Pale Moon is an open-source Mozilla-based internet browser. The browser offers carefully chosen features, full optimization to maximize the browsing speed, high working stability, a redesigned user interface and compatibility with most Firefox plugins.
Pale Moon has a better performance that was tuned by removing some of the Firefox functionality, such as crash reporter, ActiveX, Active Scripting and parental control. Pale Moon has an optimized code that uses the advantages of modern processors. The user interface in Pale Moon is also different: UI controls were changed and reordered by the developers to achieve an improved usability experience. The browser is built only based on the final versions of Firefox, so any development, beta and release candidates are excluded.
Pale Moon main features:
- Uses Firefox open source.
- Tuned code for better experience with modern processors.
- Uses less memory and has disabled redundant code.
- High browsing speed.
- High script processing.
- Supports HTML5, CSS3, WebGL.
- Supports SVG, Canvas and downloadable fonts.
- Supports Firefox themes, plugins and extensions.
- Ability to use Firefox profiles using a migration tool.
- Can be customized and configured to the user’s needs.
- Out-of-process plugin execution (OOPP) that prevents browser from crashing.
- Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
- Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
- Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
- A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
- Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
- A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
- Implemented a revised version of http2PushedStream to address some thread safety issues.
- Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
- Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
- Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
- Added a fix for cross-thread access of Necko. (DiD)
- Added a port safety check for Alternative Services.
- Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and several networking and memory-safety hazards that do not have CVE numbers.