Pale Moon 27.4 is out

Pale Moon 27.4 has been released by the team responsible for the web browser, and is now available for direct download and automatic update.

The new version of the browser introduces new features and changes to it; existing users may notice that most of the media streaming issues that some experienced should be fixed in this releaseĀ  for instance.

Since Pale Moon 27.4 fixes several security issues as well, it is highly recommended to update the browser to the latest version as soon as possible to address those.

Interested users can download the latest version of Pale Moon 27.4 from the official project website; existing users may select Pale Moon > Help > About Pale Moon to run a check for updates from within the browser.

Tip: Check out our review of Pale Moon 27 as well.

Pale Moon 27.4

pale moon 27.4

The team continued its work on the Media Source Extensions code, re-worked it, so that it is now spec compliant and asynchronous for MSE with MP4. The change should improve playback on the majority of video sites out there including YouTube, Twitch and Vimeo.

New preferences were added to the options of Pale Moon that give users control over Media Source Extensions in the browser.

pale moon media source extensions

Go to Pale Moon > Options > Content, and look for the Video group of preferences on the page that opens.

You may disable Media Source Extensions completely, or disable MSE for MP4, or asynchronous support there.

Pale Moon 27.4 supports a new preference, media.block-play-until-visible, that users may enable to block video autoplay if the video that plays on a page is not in the visible view area.

This needs to be configured on about:config, and is set to false. False means that videos will not be blocked from being played automatically if they are embedded in a non visible part of the web page.

Read also:  Pale Moon profile backup tool

pale moon security protocols

Another option that has been added to the options is control over the security features Strict Transport Security (HSTS) and Certificate Key Pinning (HPKP).

Pale Moon users find options to disable these security protocols under Options > Security.

The remaining changes resolve issues in the browser, add or improve support for new Web features, or improve Pale moon in other ways. The importing of bookmarks for instance picks up tags now from HTML bookmarks files if they exist, about:support features more information, and the Pale Moon Developer Tools support a new filter URLs option in the network panel.

Some libraries have been updated to improve security and performance on top of that.

Pale Moon 27.4 Security changes

Pale Moon 27.4 fixes reported security vulnerabilities in the browser. It also improves the defense of the browser against threats further -- an ongoing project that the team calls DiD, Defense-in-Depth.

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

Closing Words

Pale Moon 27.4 is an important update that users of the web browser should install asap. It fixes several known security vulnerabilities, adds more controls to the browser, and improves support when it comes to streaming video on the Internet.

Now You: Have you tried Pale Moon recently? What's your take on the browser?

Article Name
Pale Moon 27.4 is out
Pale Moon 27.4 has been released by the team responsible for the web browser, and is now available for direct download and automatic update.
Ghacks Technology News

Please share this article


Filed under:

Responses to Pale Moon 27.4 is out

  1. Appster July 14, 2017 at 8:47 am #

    Good to see that the Pale Moon team is actively working on the browser. I am quite sceptical regarding its future though, since Mozilla is in the process of abandoning technologies the Pale Moon team tries to keep afloat (such as XUL/XPCOM, NPAPI, single process browsing...). Next year is going to be interesting for sure.

    • Jody Thornton July 14, 2017 at 4:28 pm #

      It certainly will be. I am bouncing between the Nightly v56 (which actually is quite nice), and Pale Moon, which is still working for me for now. But I'm just being cautious and ready to jump to whatever is next.

  2. Nili July 14, 2017 at 11:01 am #

    Always glad to use this browser. I would have been on Chrome now if it wasn't for Pale Moon around.
    Thanks Moonchild and his team for their hard work.

  3. Lucas S. July 14, 2017 at 11:12 am #

    As much as I would love to use it as my day to day browser, I'm always worried about the fact that they are such a small team that they might not be able to fix bugs/leaks/0-day stuff that even some big companies take some time to fix.

    • Corky July 14, 2017 at 11:21 am #

      Personally I'd trust a small team more than some of the multinational companies, not only do they react quicker to vulnerabilities but because the software normally has a smaller user base it presents a smaller target to ne'er do wells.

      You only have to look at how long it's taken some of the big companies to fix known vulnerabilities to realise they care more about public image than keeping customers safe.

    • Ron July 15, 2017 at 4:21 am #

      I've been using it for over 5 years and this has never been a problem.

  4. WindowsBackdoorTrojanInstaller32.exe July 14, 2017 at 1:25 pm #

    2010 called and wants it's user interface back.

    • TianlanSha July 14, 2017 at 1:45 pm #

      You must be a professional comedian. xD

    • Jody Thornton July 14, 2017 at 4:31 pm #

      Well I like using it with the FoxE9 plugin (to give Pale Moon an IE 9 like appearance. Pretty snazzy actually. But Firefox Nightly is looking nicer with the Photon progress. Plus as long as I'm able to use UserChrome code to place the tab bar below the address bar, I'll be happy.

    • Nightfall July 15, 2017 at 2:00 am #

      No, we can keep that advanced, customizable interface.

  5. kalmly July 14, 2017 at 2:22 pm #

    Trying to avoid changes to FF, I've stuck with version 50.0.2, but lately it has been giving me grief, hanging, freezing, etc. So I started back with Pale Moon, which I gave up some time ago because of issues with Flash. Whenever I need Flash, I have to go back to FF. Sigh. Guess I'll update Pale Moon and try once more to get Flash to work.

    • Jody Thornton July 14, 2017 at 4:29 pm #

      How is it that you're not getting Flash to work with Pale Moon? I'm using v27.4 and Flash works on my system.

  6. kalmly July 14, 2017 at 2:59 pm #

    Aaannd. There went FF, just as I finished above post.

  7. JamesK July 15, 2017 at 12:31 am #

    How do you change the default User Agent String in Pale Moon ?

    It used to be easy to change via About:Config --- but now that does not work anymore

    The default User Agent string seems to "fingerprint" Pale Moon users ... because PM is an unusual browser relative to what most people use on the web.

    • satrow July 15, 2017 at 5:04 pm #

      There are three compatibility UA modes built-in: Native, Gecko and Firefox, these can be changed on the fly, a page refresh will activate the change: (Alt) Tools > Options > Advanced tab > General > Compatibility.

      I find Native is fine for ~95% of my browsing, which can vary enormously from day to day. Go to about:config and type useragent into the filter bar and you'll see that there are already a number of modified User Agents added on a per site basis that you could use as a basis for adding a new string to 'fix' a problematic site.

  8. Steffo July 15, 2017 at 4:14 am #

    Palemoon is a failure today. Buggy as **** !

    • Tom Hawack July 15, 2017 at 1:59 pm #

      Pale Moon is far less buggy than PaleMoon :)

  9. JamesK July 15, 2017 at 6:51 pm #

    @satrow "...UA modes built-in: Native, Gecko and Firefox, these can be changed..."

    ...but all 3 UA Modes produce a string with "PaleMoon/27.4.0" included

    how does one get a user-selectable string... without the PaleMoon fingerprint ?

    • George July 15, 2017 at 7:27 pm #

      You might want to search for an extension to do that, I'm sure there are many available (uMatrix does it for example, although it's not its main function).

      It's not the browser's job to fake its own user-agent string. You are on the Internet, of course you'll leave a "fingerprint". If someone wants to locate you, I seriously doubt you'll confuse them by faking your user-agent string...

    • Richard Allen July 15, 2017 at 10:15 pm #

      Worked for me on three different websites.

      general.useragent.override - string - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.9) Gecko/20100101 Firefox/45.9

  10. Max July 17, 2017 at 12:15 am #

    Cool browser. Been using heavily it for the past couple of years - since ditching Firefox - with very few problems.

Leave a Reply