So you probably don't need to do effort to find a 0-day, just browse old Mozilla CVE disclosures.
edit: I'd reply to your response below normally but apparently I don't get to reply to any comments on HN anymore. The reply button has disappeared. When I log out of my 5 year old/458 karma account it's back. I guess my opinion isn't wanted here.
You have a good point there. I bet a least a couple of those are present. But you've also completely missed my point. When looking through the FF known vuln list the vast majority are for things like WebRTC, WebGl, and other attack surfaces that Pale Moon intentionally avoids.
This isn't FUD. You can literally go read the list:
I count over 174 fixed vulnerabilities and stopped at version 48. Yes, some of these might not apply to Pale Moon because they're new vulnerabilities or it has the relevant feature disabled. You think anyone did the work to go through them all? Let alone backport the ones that are relevant?
Mozilla used to do this work for Pale Moon by virtue of still backporting the most important ones (i.e. not all) to ESR38. Not any more. Good luck!
the vast majority are for things like WebRTC, WebGl, and other attack surfaces that Pale Moon intentionally avoids
Pale Moon supports WebGL nowadays. It's needed for a few things like Google Maps to not suck. Of course, the implementation is outdated, which is perhaps what made you think it's not there...
And I'm betting most of the time they succeed. There may be a few weird ones with edge cases that they've screwed up though and some subset of the vulnerability is still possible.
I have pointed out many of these and argued with Pale Moon devs about it. "Moon Child" believes they don't need to apply patches if they can't replicate the PoC from Mozilla's bugzilla.
These are things that are obviously vulnerable and need to be fixed (such as missing bound checks in the XML parser).
If someone ever cared enough to target Pale Moon users they would have an absolute field day with all the known Firefox vulnerabilities they could use.
HN delays the visibility of the reply link on threads that seem to be getting too deep too quickly.