Software-update: Pale Moon 33.9.1

Versie 33.9.0 van Pale Moon is uitgekomen. Deze webbrowser is ooit begonnen als een fork van Mozilla Firefox. Door optimalisaties voor moderne hardware en het weglaten van Accessibility-features en Parental Controls presteerde hij toen een stuk beter. Ook was er een 64bit-versie beschikbaar, ruim voordat Mozilla deze zelf aanbood. Intern werkt het op Goanna, een van Mozilla's Gecko afgeleide browserengine. De browser is beschikbaar voor Windows, Linux en macOS, en als bèta ook voor FreeBSD. De download van Pale Moon is alleen in het Engels; een apart Nederlands taalbestand is beschikbaar. Tegenwoordig is het ook vanuit de Microsoft Store te installeren. In deze uitgave zijn enkele bugs en beveiligingsproblemen verholpen:

Changes/fixes:

• Temporarily backed out the implementation of CSS Cascade Layers for causing layout issues on websites. This will re-land when fixed.
• Temporarily backed out the implementation of CSS color-mix for causing crashes. This will re-land when fixed.
• Per request from our user base, the blank page with the Pale Moon logo (default for new tabs) will now have an appropriate title (for e.g. identification in tab and window title).
• Further improved the "copy as cURL" devtools function. (CVE-2025-11713)

Implementation notes:

• There was one reported security issue (CVE-2025-11712) that was investigated but rejected, as adoption of the mitigation for a non-critical sec issue that requires very specific environments to be exploited (with considerable blame for the webmaster) would, in fact, require us to go against some very clear specifications in the HTML standard. Mozilla adopted this primarily for behavioral parity with Chrome. Security impact in the real world was considered to be negligible, and this would have negatively impacted some NPAPI functionality as well.
• The vast majority of this release cycle's Mozilla security issues centered around vulnerabilities due to its multi-process nature and inter-process communication, which are (of course) not applicable to Pale Moon (or any other UXP browser). Multi-process remains mainstream browsers' Achilles' heel, security wise, even years after moving to that application model. It's ironic that the supposed "big security advantages" of multi-process have been more than undermined by the technology itself.