Pale Moon BrowserThanks to
hayc59 at
Calendar of UpdatesPale Moon v27.3.0 Released
04.28.2017A major development update. Many things have changed in the media back-end, but please understand that some things are still a work in progress, and you may still encounter some html5 video playback issues with MSE.Whats New:Changes/fixes:• Fixed up, checked and enabled vertical text writing modes!
• Pale Moon will now be able to display vertical, right-to-left script.
• Added the option to reset non-default profiles.
• Fixed various issues in the WebP image decoder.
• Added internally-supported document types to allowed <embed> types.
• Fixed locale selection in ICU after update to ICU58.
(Note: Pale Moon uses the system locale for date formatting, not the browser locale)
• Re-implemented the previous spellchecker dictionary logic (allow user override of document/element language, improve logic and make it unambiguous).
• Ongoing fixes for the MP4 parser and MSE.
• Made HTML Media Elements' preload attribute MSE-spec compliant.
• The preload attribute on HTML media elements is now ignored in the case of an MSE source. This prevents an issue with sourceopen not firing when preload="none".
• Fixed some issues with Windows WMF media playback.
• Fixed an issue with Synced preferences sometimes overwriting stored individual preferences.
• Fixed display of RSS folder icons.
• Fixed issues with custom context menus.
• Fixed an issue importing bookmarks with separators losing their extra data.
• Changed the way numeric addresses are handled in the address bar so it doesn't perform a search when it shouldn't.
• Added an option (browser.sessionstore.cache_behavior) to control from which source restored tabs pull their page content:
0 = load restored tab data from cache (current behavior, default)
1 = refresh restored tab data from the network
2 = refresh stored tab data from the network and bypass any cached data.
• Improved upon a v27 performance regression with SVG scaling.
• Improved performance by being more selective which CSS animations to process.
As a side-effect, elements changing their display from "none" to something visible now also animate.
• Increased memory allocation for the use of very large PAC files.
• Added menu entries for the permissions manager and improvements to its function and display.
• Added preferences to control "highlight all" behavior of the find bar:
accessibility.typeaheadfind.highlightallbydefault = true/false highlight all found words by default.
accessibility.typeaheadfind.highlightallremember = true/false remember the last-used state of Highlight All.
• Added devtools command-line options.
• Added support for <details> and <summary> HTML tags.
• Fixed a regression in the MSIE profile migrator.
• Removed migration of browser-specific settings when migrating data from IE/Safari.
• Implemented optional parameters for permessage-deflate in preparation for RFC7692 errata making acceptance of them mandatory (and to prevent web compat issues due to the current conflicting text of it).
• Made the image document favicon skinnable.
• Aligned DOM selection addRange with the spec.
• Exposed mozAnon constructor js binding to system scopes for XHR.
• Enhanced form data handling from JavaScript.
Security/privacy changes:
• Updated NSS to 3.28.4-RTM to address a number of issues.
• Added support for RSA-AES(-GCM)-SHA256/384 suites to broaden compatibility.
• Reconfigured networking security: disabled static DHE suites by default, enabled all RSA-AES(-GCM)-SHA256/384 suites in their stead.
• Fixed referrer policy keyword to align with the current spec ("cross-origin" vs "crossorigin").
• Added an option to display punycode domain for IDN websites to combat phishing.
This is enabled by default for domain-validated https sites.
Preference: browser.identity.display_punycode
0 = Display IDN name in identity panel (previous behavior)
1 = Display punycode name for DV SSL domains (default)
2 = Also display punycode for HTTP sites if IDN name used
• Fixed an issue to prevent contacting remote servers when a connection might get blocked.
• Fixed 3 public security flaws in libevent, which may affect Mozilla-based products. DiD
• Fixed several memory- and thread-safety hazards.
• Fixed an address bar spoofing issue. (CVE-2017-5451)
• Fixed a potentially exploitable crash with HTTP/2. (CVE-2017-5446)
• Fixed several security hazards in XSLT processing. (CVE-2017-5438) (CVE-2017-5439) (CVE-2017-5440)
• Fixed several security hazards in old protocols. (CVE-2017-5444) (CVE-2017-5445)
• Fixed out-of-bounds access in text formatting. (CVE-2017-5447)
• Fixed a potentially exploitable issue with innerText. (CVE-2017-5442)
• Fixed a potentially exploitable issue in graphite font shaping.
• Fixed a potentially exploitable crash with credential-authentication.
• Fixed out-of-bounds access with text selection in rare cases.
• Fixed a security hazard in the ANGLE library.
Download Links-Direct .EXE
Pale Moon 27.3.0 Pale Moon 27.3.0 x64 Pale Moon Portable 27.3.0 
Release Notes
