Updates 10/21/25 - Pale Moon

PaleMoon v33.9.1 (2025-10-21)

https://www.palemoon.org/releasenotes.shtml

This is a bugfix and security update.

Changes/fixes:

• Temporarily backed out the implementation of CSS Cascade Layers for causing layout issues on websites. This will re-land when fixed.
• Temporarily backed out the implementation of CSS color-mix for causing crashes. This will re-land when fixed.
• Per request from our user base, the blank page with the Pale Moon logo (default for new tabs) will now have an appropriate title (for e.g. identification in tab and window title).
• Further improved the "copy as cURL" devtools function. (CVE-2025-11713)

Implementation notes:

• There was one reported security issue (CVE-2025-11712) that was investigated but rejected, as adoption of the mitigation for a non-critical sec issue that requires very specific environments to be exploited (with considerable blame for the webmaster) would, in fact, require us to go against some very clear specifications in the HTML standard. Mozilla adopted this primarily for behavioral parity with Chrome. Security impact in the real world was considered to be negligible, and this would have negatively impacted some NPAPI functionality as well.
• The vast majority of this release cycle's Mozilla security issues centered around vulnerabilities due to its multi-process nature and inter-process communication, which are (of course) not applicable to Pale Moon (or any other UXP browser). Multi-process remains mainstream browsers' Achilles' heel, security wise, even years after moving to that application model. It's ironic that the supposed "big security advantages" of multi-process have been more than undermined by the technology itself.

--------------------

Available via the internal updater:   Help / Check for Updates

or Full downloads:   Pale Moon for Windows downloads