Why settle for a basic build of your Firefox browser on Windows Operating Systems when you can have one that performs 25% faster? Mozilla does not provide optimized browser packages for Windows, while many Linux ("from scratch") users get the advantage of a browser built specifically for their system. That needs to change! So, here is the Pale Moon project: Custom-built and optimized Firefox browsers for Windows Operating Systems. Make sure to get the most speed out of your browser.

Of course, getting a faster browser is not just about optimizing the compilation process (building a program from its source code), but also about carefully choosing features and how to choose the best setup. This means that this browser, however extremely close to Firefox, does not have all the functions that Firefox has. A few, carefully selected, features have been disabled that are not in high demand, and that do not interfere with the way web pages are displayed or function; all to maximize speed and efficiency of the browser. Please see the page with technical details to learn exactly what the browser supports, and what it doesn't support. In short, if you need accessibility features or parental controls, then please visit the firefox homepage and get the official, non-optimized build.

Features

  • Highly optimized for current processors
  • 100% Firefox sourced: As safe as the browser that has seen years of development.
  • Uses slightly less memory because of disabled redundant and optional code
  • Significant speed increases for page drawing and script processing
  • Support for SVG and Canvas
  • Support for Firefox extensions, themes and personas

What's New

Changes/fixes:

  • Removed site-specific override for Amazon.com due to breakage.
  • Fixed script timeout values that were inadvertently overridden in branding.
  • Fixed an issue where empty MIME type registrations would break some parts of the UI.
  • (Linux only) Pasting URLs to content now by default does not navigate to that URL.
  • If content-paste-navigation is enabled (via middlemouse.contentLoadURL), navigation is now restricted to pasting to active body type elements (to prevent unwanted navigation when pasting URLs to input boxes, for example).
  • Fixed a problem with JS modules preventing ExportEntries from working.
  • (Linux only) Fixed a build issue when building with a system-supplied cairo library (unsupported).
  • Fixed an issue where workers could lock up the browser with SetInterval with an out-of-bounds (too small) value. This is now clamped to 4ms matching the HTML spec.
  • Fixed a few usability issues with the built-in developer tools.
  • Fixed a potential crash in web workers.
  • Fixed a potential overflow issue in image maps.
  • Fixed a potential security issue with multi-part/mixed content (CVE-2024-1551).
  • (from this point forward we will no longer list UXP Mozilla security patch summaries as they are mostly irrelevant)

Pale Moon 33.0

This is a new milestone release. It involves over 250 commits, of which the most important ones are highlighted here.

New features:

  • Implemented a restricted version of the asynchronous clipboard API (navigator.clipboard). This API is restricted to writing only for obvious security considerations. It supports both plaintext and the standard DataTransfer methods. We did not implement the reinvented wheel concept of ClipboardItem objects.
  • Implemented support for SHA-2 (SHA-256/SHA-512/etc.) signatures for OCSP stapled responses.
  • Implemented an option (Found in Preferences -> Content -> Media tab (new this version)) to restrict DOM full-screen mode to the existing browser window.
  • Implemented several options in a new preferences tab (Preference -> Privacy -> Tracking) to allow users to more easily control several privacy-impacting features, namely poisoning of canvas data (to prevent fingerprinting), and enabling of Performance observers (a developer feature) that some websites rely on for their operation.
  • Implemented PromiseRejectionEvent. Although this is rarely actually used, some common JS libraries (you know who you are!) use it as a feature level canary and start loading (broken!) Promise shims if it is not found, causing compatibility issues and broken websites due to the shims.

Fixes:

  • Aligned microtasks and Promises scheduling with the current spec and expected behavior.
  • We now no longer send click events to top levels of the document hierarchy when using non-primary buttons (use auxclick, instead, to capture these events).
  • Greatly improved the performance of box shadows.
  • Greatly improved the performance of file/data uploads over HTTP/2 (most of the secure websites out there).
  • Fixed several issues related to focus and content selection.
  • Fixed issues with the use of focus-within caused by unexpected processing of DOM events.
  • Fixed an issue with CSP not behaving as-expected when using importScripts(), and fixed a number of additional CSP-related issues.
  • Fixed a web compatibility issue with CORS preflights not sending the original request's referrer policy or referrer header.
  • Fixed a spec compliance issue with StructuredClone.
  • Fixed a crash due to clamping code introduced for SetInterval and SetTimeout timers.
  • Fixed crashes when dynamic imports are canceled (e.g. by navigation).

Other changes:

  • Changed to now have its .files property be writable following a spec change and recommendation.
  • We are now requiring and building against the C++17 language standard.
  • Updated the in-tree ffvpx lib to 6.0.
  • Added a preference to allow users to completely disable reporting of CSP errors to webmasters. Using this is strongly discouraged as it will provide essential troubleshooting information to webmasters setting up CSP, and does not pose a privacy issue, but for those who really want it, it can now be fully disabled. The preference is security.csp.reporting.enabled.
  • Updated the IntersectionObserver interface to now also accept documents for the observer root instead of only HTML elements.
  • Cleaned up various bits of code surrounding GMP, memory allocation, system libraries, vestigial Android code, freetype2 and developer tools.
  • Improved efficiency of handling D3D textures.
  • Added initial and experimental Mac PowerPC and Big Endian support.
  • Changed the behavior of hung scripts. We now automatically terminate them instead of presenting the user with a dialog box (which may or may not show in a reasonable time if the browser is too busy trying to process the hung script). If you prefer the old behavior, uncheck the box "Automatically stop non-responsive scripts" in Preferences -> Content -> General
  • Security issues addressed: CVE-2024-0746, CVE-2024-0741, CVE-2024-0743 DiD, CVE-2024-0750 DiD, and CVE-2024-0753.
  • UXP Mozilla security patch summary: 3 fixed, 2 DiD, 12 not applicable.