Pale Moon 26.0 has been released

Martin Brinkmann
Jan 26, 2016
Updated • Jun 26, 2017
Internet, Pale Moon

Pale Moon 26.0 has been released. The new version of the web browser is the first in which the switch to Goanna, the new rendering engine that is closely related to Gecko but not the same, is completed.

When it comes to Firefox-based browsers, it is probably Pale Moon that is the most popular in terms of users but also news coverage around the web. While you could argue that SeaMonkey is more popular, it is more than just a browser and at least somewhat pushed by the fact that it is offered on Mozilla's official website.

Pale Moon 26.0 ships with the Goanna rendering engine. While most users may not notice any changes whatsoever after updating to version 26.0 of the web browser, some may notice issues. This is to be expected considering that switching rendering engines is quite the major undertaking in the browser world.

The Pale Moon team asks users of the browser to report any issues that they may experience, for instance on sites that worked just fine in previous versions of the browser but not in Pale Moon 26.0, to report these issues so that they can be investigated and hopefully corrected.

pale moon 26

Another change, this one understandable but not as pleasant for some users of the browser, saw the reduction of supported languages to "a little over 30". The Pale Moon project started to do full translations in-house and due to a lack of translators for less-common languages, cannot offer translations for these languages right now.

Pale Moon 26.0 changes

Lets take a closer look at some of the other changes and fixes in version 26 of Pale Moon.

One interesting feature that the team added to the new version is called conservative image decoding. Basically, what it does is implement lazy image loading decoding images only when they are in view. This should improve memory use on pages with images below the fold, and the load performance of image-heavy web pages.

  • Support for the WebP image format was added to Pale Moon. Other graphics-related improvements include properly scaled EXIF rotated JPEG images, support for different WebGL texture formats, improved scaling of vector images and more.
  • A second control of autoplaying media has been added. This one takes care of scripted content, and is enabled by default (meaning scripted media is allowed to play automatically). You can disable this by loading about:config, searching for media.autoplay.allowscripted and setting the preference to false by double-clicking on its name.
  • Improved the handling of "very large" numbers of tabs.
  • Added CSS queries that theme designers can make use of to determine the operating system the browser is run on to make OS-specific changes to the theme.
  • The browser user interface has been updated making it more in line with the operating system it is run on.

Several security updates went into Pale Moon 26.0 as well. The team added an active XSS filter which checks for cross-site scripting attacks and blocks these attacks automatically.

Pale Moon users can control the feature in the options under security.

pale moon xss filter

Support for 128-bit Camellia-GCM ciphers has been added, and several root certificates have been distrusted.

Additional information about the feature is available on the Pale Moon forum.

You can check out all changes in Pale Moon 26.0 on the release notes page.

Pale Moon 26.0.2

On February 3, 2016, Pale Moon 26.0.2 was released. It is a security, bug fix and web compatibility update.

  • Removed the sanity check for unsupported point-of-sale XP-based operating systems by user request.
  • Please see the forum for information on which operating systems we can reasonably support.
  • Changed the way "transparent" is handled in Goanna to improve transparent gradients using this keyword.
  • Made sure that dom.disable_beforeunload is predefined in about:config.
  • Fixed web compatibility issues with Youtube, Youtube Gaming, Yuku fora and Netflix.
  • Fixed web compatibility with Comcast/XFinity webmail and other sites or web applications that expect older JavaScript versions as default.
  • Reinstated the about:config warning by default.
  • Updated NSS to to fix a potential UAF and CVE-2015-7575.
  • Crash fix: Prevented queueing multiple media sources that could lead to unsafe memory access.
  • Prevented unsafe memory manipulations in zip archives. (CVE-2016-1945) DiD
  • Prevented a potential buffer overflow in WebGL. (x64 only) (CVE-2016-1935) DiD
  • Updated the way binaries are code-signed. Not only does v26.0 use a new SHA256-signed digital certificate, but starting this version will also be signed with both SHA1 and SHA256 digest algorithms to satisfy later Windows' code-signing requirements.
  • Fixed 2 potential browser crashes.

Pale Moon 26.0.3

Pale Moon 26.0.3 was released on February 5, 2016. It made the following changes to the browser:

  • Changed our cookie gate to allow cookie names with spaces in them, to improve web compatibility.
    Critical note: if your site uses cookie names with spaces in them, please consider moving away from doing that so you are no longer in the "grey" area of cookie behavior.
  • Changed the configuration of our XSS filter to address some known, harmless filter hits that have been reported.

Pale Moon 26.1

Pale Moon 26.1 was released on February 16, 2016. It is a compatibility, stability and bugfix release:

  • Disabled our ES6 Promise implementation introduced in 26.0 since there were some severe issues with its implementation that caused a lot of inexplicable failures on websites
  • Improved website compatibility with many sites and web applications by making our cookie gate less strict.
  • Fixed web compatibility with Google Hangouts and Yahoo Calendar.
  • Changed the memory allocator on Windows platforms to a much more modern full-library implementation of jemalloc, with miscellaneous additional fixes. This should fix issues like "huge animated gif choking" and inexplicable pauses when using many tabs, scrolling (extremely) long pages, or viewing media.
  • Fixed a few rare crashing issues on Windows due to the build process.
  • Reduced so-called "jank" on inner frame scrolling reflows.
  • Extension compatibility: partial implementation of Firefox 26 download js modules as shims. this should make more Firefox extensions compatible with us out-of-the-box
  • Added a "superstop" key combination (Shift+Esc) that will stop all (foreground and background) network activity, stop animated gifs etc.
  • Updated NTLM authentication
  • Updated the default theme to tweak/improve it some more.

Pale Moon 26.1.1

Pale Moon 26.1.1 was released on February 24, 2016. It is a stability and extension compatibility update.

  • Improves compatibility a number of Firefox extensions.
  • Improved memory handling to address "the memory inflation issue" that some Pale Moon users experienced on version 26.0.
  • Improved YouTube compatibility giving users the choice to use the Flash or HTML5 player on the site.

Pale Moon 26.2

Pale Moon 26.2 was released on April 5, 2016. It is a major update and bugfix release.

  • Gstreamer 1.0 support has been implemented and enabled by default on Linux
  • Updated UA overrides and XSS configuration to deal with some problematic sites.
  • Mousewheel supports horizontal scrolling now.
  • about:sessionrestore uses the full screen to display information now.
  • Several bug- and security fixes, including several crash fixes.

Pale Moon 26.2.1

Pale Moon 26.2.1 was released on April 8, 2016. It fixes an issue with keyboard navigating the user interface.

Pale Moon 26.2.2

Pale Moon 26.2.2 was released on May 10, 2016. It is a "mainly" a security update but fixes several crash issues as well.

Pale Moon 26.3

Pale Moon 26.03.0 was released on June 21, 2016. The new version includes six security updates and the following changes:

  • Detection for dark themes on Windows 10, and better Windows 10 theme integration.
  • HTML5 Media volume preference added and controlled by the preference media.default_volume. Default is 1.0 which means 100% volume.
  • HTML5 Media controls updated. They feature a horizontal volume control on all media now.
  • Minimum limit for places entries is 10,000.
  • Various architecture improvements.

Pale Moon 26.3.1

Pale Moon 26.3.1. was released on June 25, 2016. It is a bug fix release mostly that fixes smaller issues including compatibility issues with Google Web Fonts.

Pale Moon 26.3.2 (Windows only)

Pale Moon 26.3.2 was released on June 27, 2016. It fixes two issues, one on Windows 8 the other on Windows 10. Additionally, the portable version was switched to a non-compressed binary format to avoid issues with antivirus and security software.

Pale Moon 26.3.3

Pale Moon 26.3.3 was released on July 1, 2016. It fixes an issue on Windows 10 that could cause text to be white on white, and another issue where news feed would not show up when embedded on web pages.

Also, removed a security policy directive that was causing issues on some sites.

Pale Moon 26.4.0

Pale Moon 26.4.0 was released on August 17, 2016. The new release removes Google Search as a bundled search provider. Pale Moon users may still add it to the browser if they want to use Google Search.

The release features some component updates, crash fixes, and security fixes on top of that.

Pale Moon

A Linux-only release that uses GStreamer for video support to prevent crashes when playing some HTML5 videos.

Pale Moon 26.4.1

The new version fixes two security issues and fixes some bugs. It fixes a crash in the XSS filter among other things.

Pale Moon 26.5.0

Pale Moon 26.5.0 was released on September 28, 2016. The release fixes several security issues in Pale Moon, hardens the browser's security in several ways, and several other fixes. Particularly, it adds a breaking Content Security Policy change.

when a page with CSP is loaded over http, Pale Moon now interprets CSP directives to also include https versions of the hosts listed in CSP if a scheme (http/https) isn't explicitly listed. This breaks with CSP 1.0 which is more restrictive and doesn't allow this cross-protocol access, but is in line with CSP 2 where this is allowed.

software image
Author Rating
4 based on 24 votes
Software Name
Pale Moon
Software Category
Landing Page

Tutorials & Tips

Previous Post: «
Next Post: «


  1. ilev said on August 4, 2012 at 7:53 pm

    Doesn’t Windows 8 know that www. or http:// are passe ?

    1. Martin Brinkmann said on August 4, 2012 at 7:57 pm

      Well it is a bit difficulty to distinguish between domains and files for instance.

    2. Leonidas Burton said on September 4, 2023 at 4:51 am

      I know a service made by google that is similar to Google bookmarks.

  2. VioletMoon said on August 16, 2023 at 5:26 pm

    @Ashwin–Thankful you delighted my comment; who knows how many “gamers” would have disagreed!

  3. Karl said on August 17, 2023 at 10:36 pm


    The comments section under this very article (3 comments) is identical to the comments section found under the following article:

    Not sure what the issue is, but have seen this issue under some other articles recently but did not report it back then.

  4. Anonymous said on August 25, 2023 at 11:44 am

    Omg a badge!!!
    Some tangible reward lmao.

    It sucks that redditors are going to love the fuck out of it too.

  5. Scroogled said on August 25, 2023 at 10:57 pm

    With the cloud, there is no such thing as unlimited storage or privacy. Stop relying on these tech scums. Purchase your own hardware and develop your own solutions.

    1. lollmaoeven said on August 27, 2023 at 6:24 am

      This is a certified reddit cringe moment. Hilarious how the article’s author tries to dress it up like it’s anything more than a png for doing the reddit corporation’s moderation work for free (or for bribes from companies and political groups)

  6. El Duderino said on August 25, 2023 at 11:14 pm

    Almost al unlmited services have a real limit.

    And this comment is written on the dropbox article from August 25, 2023.

  7. John G. said on August 26, 2023 at 1:29 am

    First comment > @ilev said on August 4, 2012 at 7:53 pm

    For the God’s sake, fix the comments soon please! :[

  8. Kalmly said on August 26, 2023 at 4:42 pm

    Yes. Please. Fix the comments.

  9. Kim Schmidt said on September 3, 2023 at 3:42 pm

    With Google Chrome, it’s only been 1,500 for some time now.

    Anyone who wants to force me in such a way into buying something that I can get elsewhere for free will certainly never see a single dime from my side. I don’t even know how stupid their marketing department is to impose these limits on users instead of offering a valuable product to the paying faction. But they don’t. Even if you pay, you get something that is also available for free elsewhere.

    The algorithm has also become less and less savvy in terms of e.g. English/German translations. It used to be that the bot could sort of sense what you were trying to say and put it into different colloquialisms, which was even fun because it was like, “I know what you’re trying to say here, how about…” Now it’s in parts too stupid to translate the simplest sentences correctly, and the suggestions it makes are at times as moronic as those made by Google Translations.

    If this is a deep-learning AI that learns from users’ translations and the phrases they choose most often – which, by the way, is a valuable, moneys worthwhile contribution of every free user to this project: They invest their time and texts, thereby providing the necessary data for the AI to do the thing as nicely as they brag about it in the first place – alas, the more unprofessional users discovered the translator, the worse the language of this deep-learning bot has become, the greater the aggregate of linguistically illiterate users has become, and the worse the language of this deep-learning bot has become, as it now learns the drivel of every Tom, Dick and Harry out there, which is why I now get their Mickey Mouse language as suggestions: the inane language of people who can barely spell the alphabet, it seems.

    And as a thank you for our time and effort in helping them and their AI learn, they’ve lowered the limit from what was once 5,000 to now 1,500…? A big “fuck off” from here for that! Not a brass farthing from me for this attitude and behaviour, not in a hundred years.

  10. Anonymous said on September 28, 2023 at 8:19 am

    When will you put an end to the mess in the comments?

  11. RIP said on September 28, 2023 at 9:36 am

    Ghacks comments have been broken for too long. What article did you see this comment on? Reply below. If we get to 20 different articles we should all stop using the site in protest.

    I posted this on [] so please reply if you see it on a different article.

    1. RIP said on September 28, 2023 at 11:01 am

      Comment redirected me to [] which seems to be the ‘real’ article it is attached to

  12. RIP said on September 28, 2023 at 10:48 am

    Comment redirected me to [] which seems to be the ‘real’ article it is attached to

  13. Mystique said on September 28, 2023 at 12:13 pm

    Article Title: Reddit enforces user activity tracking on site to push advertising revenue
    Article URL:

    No surprises here. This is just the beginning really. I cannot see a valid reason as to why anyone would continue to use the platform anymore when there are enough alternatives fill that void.

  14. justputthispostanywhere said on September 29, 2023 at 3:59 am

    I’m not sure if there is a point in commenting given that comments seem to appear under random posts now, but I’ll try… this comment is for

    My temporary “solution”, if you can call it that, is to use a VPN (Mullvad in my case) to sign up for and access Reddit via a European connection. I’m doing that with pretty much everything now, at least until the rest of the world catches up with GDPR. I don’t think GDPR is a magical privacy solution but it’s at least a first step.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.