On 1/9/2020 at 1:05 PM, roytam1 said:

K-Meleon 74 with Goanna 2.2 archive refreshed with sha384 support:

http://o.rths.ml/gpc/files1.rt/KM74-g22-20180718.win2000.7z

pm26 archive also refreshed: http://o.rths.ml/gpc/files1.rt/palemoon-26.5.0-20180718.win2000.7z

 

Hi roytam1,

Could you please also provide an update for the file "palemoon.exe" from the pm26xp-no-manifest.7z package?

The "refreshed" build of PM26 is causing a BSOD on my XP SP2 machine due to a manifest issue. I can fix the issue by replacing those files from the pm26xp-no-manifest.7z package, but "palemoon.exe" seems to be an old version (26.5.0.6699); the newest one is version 26.5.0.7312.

Thank you!

6 hours ago, cloudstr said:

 

Hi roytam1,

Could you please also provide an update for the file "palemoon.exe" from the pm26xp-no-manifest.7z package?

The "refreshed" build of PM26 is causing a BSOD on my XP SP2 machine due to a manifest issue. I can fix the issue by replacing those files from the pm26xp-no-manifest.7z package, but "palemoon.exe" seems to be an old version (26.5.0.6699); the newest one is version 26.5.0.7312.

Thank you!

It should be possible to overwrite the new build with files from pm26xp-no-manifest.7z without issue.

But anyway, it is updated.

23 hours ago, DanR20 said:
On 1/11/2020 at 1:57 AM, roytam1 said:

- Block Nouveau NV96 mesa driver layers acceleration. (b7841e5cf)

Whatever you do, please don't re-block ATI radeon drivers. I'm even getting good acceleration in an old W2k box

... Please understand Roytam1 doesn't block graphics drivers on his own, only upstream does... FWIW,

https://github.com/MoonchildProductions/Pale-Moon/commit/b7841e5

was pushed to mitigate crashes on Linux, as reported in 

https://forum.palemoon.org/viewtopic.php?f=37&t=23512

But the previous commit was reverted by Moonchild on Jan 10th, via

https://github.com/MoonchildProductions/Pale-Moon/commit/b4a6053

... which @roytam1 might've missed by a narrow margin (it was published on GitHub at 202001101821UTC);
in any case, nothing to fear on Windows... ;)

  • Upvote 1
48 minutes ago, VistaLover said:

... Please understand Roytam1 doesn't block graphics drivers on his own, only upstream does... FWIW,

in any case, nothing to fear on Windows... ;) 

Yes that’s true, my comment was meant for the whole MC team since I know some of them are following this thread. Fortunately Roy sometimes reverts changes so if they do get re-blocked I can ask nicely. --).

As I've stated many times before, these latest versions of UXP are what Firefox 52 should have and could have been if the developers took the time to listen to users. 

Edited by DanR20
17 hours ago, Sampei.Nihira said:

Thanks a lot for patching browsers from this dangerous security vulnerability. :thumbup: :worship: :hello:

Ugh!  I "dislike" posts like this.

I did NOT patch my browser (approx 28.2.2) and I do NOT feel "vulnerable"!

I contend that you are only "vulnerable" if you visit web sites you probably shouldn't be on in the first place  :whistle:

And if you enable JavaScript by default and don't white-list then you INVITE "vulnerabilities".

The ONLY way to TRULY be protected from ZERO-DAY vulnerabilities is to NOT enable JavaScript!

Correct me if I'm mistaken, but aren't *ALL* Zero-Day vulnerabilities spread via JavaScript?

Edited by ArcticFoxie
2 hours ago, ArcticFoxie said:

Ugh!  I "dislike" posts like this.

I did NOT patch my browser (approx 28.2.2) and I do NOT feel "vulnerable"!

I contend that you are only "vulnerable" if you visit web sites you probably shouldn't be on in the first place  :whistle:

And if you enable JavaScript by default and don't white-list then you INVITE "vulnerabilities".

The ONLY way to TRULY be protected from ZERO-DAY vulnerabilities is to NOT enable JavaScript!

Correct me if I'm mistaken, but aren't *ALL* Zero-Day vulnerabilities spread via JavaScript?

But what are you writing?
It is the primary duty of each team to patch zero-day bugs, especially if there are recognized in-the-wild attacks.

https://securityaffairs.co/wordpress/96181/hacking/cve-2019-17026-firefox-zero-day.html

Regarding JavaScript, you are not at risk (almost never) if it is totally disabled.
But this is impossible; take for example this website, where you have to enable it, even if only partially, to log in.
See my analysis below:

https://webbkoll.dataskydd.net/en/results?url=http%3A%2F%2Fmsfn.org%2Fboard%2F

The Content Security Policy of the website is not implemented.
This means that you may be at risk of XSS attacks, and also of MITM attacks.
I'll put you to a test to check your XSS protections:

http://www.example.com/>"><script>alert("XSS")</script>&


Mine are perfect:

Mfw7GEGJ_o.jpg

 

Edited by Sampei.Nihira
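
The post above ties the missing Content Security Policy to XSS exposure. As an added example (not from the thread or from any tool the posters used), this sketch parses a `Content-Security-Policy` header value and reports whether an injected inline `<script>`, like the test string in the post, would be stopped by the browser; the function names are illustrative and the sample policies in the comments are constructed.

```javascript
// Added example: would a given CSP header value stop an injected inline <script>?
// Constructed sample policies:
//   ""                                        -> not blocked (no policy at all)
//   "default-src 'self'"                      -> blocked
//   "script-src 'self' 'unsafe-inline'"       -> not blocked

// Parse "name v1 v2; name v1" into Map(lowercase name -> source list).
// Per the CSP spec, a repeated directive is ignored: the first one wins.
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of (headerValue || "").split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Reflected markup arrives without a valid nonce, so the question is whether
// the policy lets un-nonced inline script elements execute.
function inlineScriptVerdict(headerValue) {
  const policy = parseCsp(headerValue);
  // Fallback chain for script elements: script-src-elem, script-src, default-src.
  const sources = policy.get("script-src-elem")
    ?? policy.get("script-src")
    ?? policy.get("default-src");
  if (sources === undefined) {
    return { blocked: false, reason: "no script-src or default-src: scripts are unrestricted" };
  }
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
  if (lower.includes("'unsafe-inline'") && !hasNonceOrHash) {
    return { blocked: false, reason: "'unsafe-inline' permits injected inline script" };
  }
  return { blocked: true, reason: "inline script requires a matching nonce or hash" };
}
```

A missing header yields `blocked: false`, which is the situation the post describes. CSP is a second layer: output encoding on the server is still what removes the injection itself.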
29 minutes ago, Sampei.Nihira said:

It is the primary duty of each team to patch zero-day bugs, especially if there are recognized in-the-wild attacks.

Primary duty?  NO, IT ISN'T!

Anybody that runs WinXP (as I do and as you do) is a HYPOCRITE if they feel that ZERO-DAY exploits should be fixed "immediately".

 

If we want to run WinXP, which I wholeheartedly support and run it on FOUR of my FIVE home computers (the fifth runs Win 2003), then we can NOT do that on one hand and shout from rooftops to patch a zero-day on the other hand.  That *IS* the very definition of hypocrisy!

 

But anywhoo...

Link to post
Share on other sites

Not to mention that each browser currently has remotely exploitable vulnerabilities, not yet recognized, which could allow exploitation of an OS that is no longer patched.

So I also highly recommend that you use dedicated anti-exploit protection for your browser.
As an additional line of defense in the case of browser bypassing............

3 hours ago, ArcticFoxie said:

aren't *ALL* Zero-Day vulnerabilities spread via JavaScript?

no, it can be anything you received from remote, for example, HTML, CSS, images, videos, audios, etc.

  • Like 1
  • Upvote 1
On 1/12/2020 at 10:07 AM, Sampei.Nihira said:

It is the primary duty of each team to patch zero-day bugs, especially if there are recognized in-the-wild attacks.

Special message from upstream:

https://forum.palemoon.org/viewtopic.php?f=1&t=23605  :rolleyes:

(and https://forum.palemoon.org/viewtopic.php?p=181666#p181666 )

Edited by VistaLover
Added second link
  • Like 1
  • Dave-H changed the title to My Browser Builds (Part 2)
  • Dave-H unpinned this topic
  • Dave-H locked and pinned this topic