Leaderboard

... And despite all recent incidents involving Mr. Matt A. Tobin and Moonchild Productions in general, there still exist people who post in the official Pale Moon forums questions related to Feodor2's MyPal and @roytam1's New Moon forks: https://forum.palemoon.org/viewtopic.php?f=4&t=22110 These "people" are only doing a disservice to the XP and Vista communities benefiting from the continued existence of these forks and they must be stopped from continuing such an infantile and foolish behaviour; the only unwanted effect they'll cause is more aggravation for the MCP devs, more hostility towards the maintainers of the forks and their users! Who in his/her right mind would go to the official Pale Moon community (devs+users) forum and query about third-party "unsupported" forks running on OSes that the mere mention of their names would cause those people to throw a hissy fit? Please, anyone here with a PM forum account (I know several exist) contact that @DJboutit individual and try to talk some sense into him/her . We can't risk any additional animosity from the upstream devs !

If you would've told a costumer from 2001 that their purchase of Windows XP would get updates until 2019 they would not believe you! Yet, here we are with a new patch out of the regular POSReady 2009 support window

It says that "The vulnerability doesn't affect Windows 8.1 or 10 (or Server variants starting with 2012), but it does affect Windows 7, Windows Server 2008 and 2008 R2". Windows Server 2008 R2 is based on Windows 7, but the 2008 version is based on Vista, so I'm pretty sure that Vista is also affected.

It seems to be fine. IE8 with HTTPSProxy.

I tested and .NET Framework 4.6.2 Preview (not stable version, preview version of the 4.6.2) runs on Vista and installation is pretty smooth. But stable version of the .NET Framework 4.6.2 cannot be installed to the Vista.

Wannacry update was offered for regular XP SP3, and now, we also have new update for XP https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708 I'm a bit surprised, but happy afterall. Thought I will be the disciple of a good news, but you wee faster, guys.

newer MSO.DLL updates for Office 2010 are okay for Vista as v6.0.6002.x of the kernel32.dll file (even Vista SP2 RTM like 6.0.6002.18005) does include the GetDateFormatEx function as I checked this myself using Dependency Walker (depends.exe). minimum requirement for Office 2010 on Vista is Vista SP1 though seems like the safe version for XP users is still the KB4092483 mso.dll security update from Oct. 2018.

So this new XP update. There are two flavors - Security Update for Windows XP SP3 (KB4500331) - Windows XP and 2019-05 Security Update for WES09 and POSReady 2009 for x86-based Systems (KB4500331) - Windows XP Embedded Which one am I now? Through Nov 2014 I was XP. Since then I've been a cash register. What's your guidance?

I don't really have any constructive criticism to offer, but I would like to give @roytam1 a big THANK YOU for your work on these browsers! You are appreciated!

Hey - party's not over. Here's a beer!

The first Firefox Quantum version in the release (stable) channel was v57.0; 60.0esr was the first Quantum version in the ESR branch (update channel); latest ESR build is now 60.6.3esr, to be soon followed by 60.7.0esr (currently in the "candidates" stage) ...

Or you can install ProxHTTPSProxy v1.5, which supports TLS 1.3:

Remotely relevant, but in all three of New Moon 28, Serpent 52.9.0 and Serpent 55.0.0 I have installed the XUL extension Add to Search Bar: https://firefox.maltekraus.de/extensions/add-to-search-bar Last version 2.9 can be found inside CAA (caa:addon/add-to-search-bar)

Yes, it really works. And the only place on the Internet where you can find the neccessary installation file is archive org site. https://archive.org/details/NDP462KB3120735X86X64AllOSENU

One can hide such remaining warnings (generated by UNSIGNED installed extensions) via CSS code . If you already have a userstyles manager installed (e.g. the XUL version of Stylish [2.0.7-2.1.1] or Stylem 2.2.4), create a new userstyle named "AOM -> Add-ons list: Supress "unverified" add-on warnings" with code: @-moz-document url-prefix(chrome://mozapps/content/extensions/extensions.xul), url-prefix(about:addons) { .warning { visibility: collapse !important; } } This should have an immediate effect; if you don't want to install a userstyle manager, then you can go the userChrome.css route: 1. Locate your profile directory (about:support => Application Basics => Profile Folder => open Folder) and create a text file with path "./chrome/userContent.css" ("./" means the root of your profile folder); the "chrome" subdir may or may not be already present; if not, create it yourself! 2. Open file userContent.css, paste the CSS code posted above and save the file, taking care not to have a ".txt" file extension after saving it. The effect of the CSS code should become apparent after a browser RESTART! In the event you have Classic Theme Restorer installed in FxESR 52, that extension already comes with a setting to hide AOM warnings...

While true, I still think that this is a good option to do for the greater good. Right now, the links are accessible only to those logged in on the MSFN forum. If the forum goes down or something happens to the file, they may be lost forever. I myself have gathered all the POSReady updates with their respective links available in the MS Catalog from 2010 to now, but have not managed to archive the older links yet. In case of many Windows 2000 (and older) updates, some of them did actually "vanish", and we have no access to the files any more. Only the broken URLs remain. This is especially true for updates for the less popular language versions of Windows.

I think that it may be beneficial to create a new topic with all the links listed directly in the post instead of a text file. This way they could be indexed by search engines, and also hopefully grabbed by the Wayback Machine while they are still functional.

I suspect they're the same thing, I downloaded the two files, and they are only 4 bytes different in size! The "payload" stuff is indeed the same. What is different is the catalog file, because it is signing the files branches.inf and update_SP3QFE.inf. These inf files contain slightly different timestamps between the versions. The other interesting difference is that the update_SP3QFE.inf file for the plain-XP version does not have the Prerequisite section that is present in the posready version; that section is what restricts the update from being applied to plain XP. Since that section is missing from the plain version, wouldn't those who did the reghack be able to use either version without modifications?

Here's the deal: 1. FxESR 52.9.0[1] by default comes with the pref xpinstall.signatures.required set at true; this means that extension signing is by default enabled, much like in the release branch (stable versions 52.0/52.0.1/52.0.2). With that default setting, you can't install (of course) unsigned extensions. But all valid and signed already installed extensions will fail to be verified and will be disabled by the browser, due to the expired intermediate certificate (which is used in the certificate chain to validate signed extensions). Additionally, you won't be able to install further new signed addons or reinstall already existing signed ones (XUL extensions from alternative archives and compatible WEs directly from AMO) because their signature can't be validated! 2. For the group of users that have toggled xpinstall.signatures.required to false, what Mozilla dubbed as "armagaddon 2.0" will manifest itself in the following manner: a. Already installed signed extensions will fail to have their signature validated but won't be disabled by the browser; instead, Addons Manager will display the orange security warnings mentioned by @Dave-H that they "... couldn't be verified for use in Firefox" and that you should "Proceed with caution" (wording cited from memory). b. People often misunderstand that xpinstall.signatures.required;false nullifies extension signing; this is not correct; what that setting does is allow the user to install UNSIGNED extensions; but already signed extensions still need to have their signature validated upon (re-)install; so, much like case 1.) above, you can't install any additional signed extensions on your 52.9.x Firefox instance with the expired intermediate certificate! TL;DR: You do need to install the new intermediate certificate (due to expire in 2025) in all legacy firefox versions 47 - 56: https://addons.mozilla.org/en-US/firefox/addon/disabled-add-on-fix-52-56/ (actually, this is applicable to fx 47 - 60, as one can see in its install.rdf file) PS: NOT ALL signed extensions were affected by "armagaddon 2.0"; but the majority of the ones affected were of the WE type (in Fx <=56.0).

I think I discovered why we have received a new update. https://www.theverge.com/platform/amp/2019/5/14/18623708/zombieload-attack-intel-processors-speculative-execution EDIT - I was wrong This is why https://www.zdnet.com/article/microsoft-patches-windows-xp-server-2003-to-try-to-head-off-wormable-flaw/

I think it's a testament to what a great OS XP is. They're pushing updates, because people are still using it. An operating system from 2001 still has a market share of roughly 1.6%, is that not crazy?

Use the one on top, dated 05.11.2019

The party will never end!

The updates for May reportedly address the "unconstrained delegation" issue, which may have been the dog that bit you (see KB4499149 and KB4499180). There is also KB4474419 for SHA-2 code signing support. It is unclear to me whether this could benefit Vista at all, but those who are actually running Server 2008 will need it to continue receiving Windows updates until January (see 2019 SHA-2 Code Signing Support requirement for Windows and WSUS). And of course there is a cumulative security update for IE9 (KB4498206).

A security update has been released for Terminal Server Driver (via Microsoft Catalog only) http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/04/windowsxp-kb4500331-x86-embedded-enu_8aee1065d848661cbbf5a5b5b21d94803247741e.exe

2019-05 Actualización de seguridad para WES09 y POSReady 2009 para sistemas basados en x86 (KB4500331) Actualización de seguridad de Windows XP SP3 para XPe (KB4500331) https://support.microsoft.com/en-us/help/4500331/windows-update-kb4500331

Here is an updated list of updates with links. Updates.zip