Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


roytam1

My browser builds (part 2)

Recommended Posts

Share this post


Link to post
Share on other sites

Was that link to an older version of basilisk? Might explain the crashes I was having last night.

Redownloaded today and so far it seems fine but it's only been a few hours. Since this is Windows 7 it could be related to this bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1606138#c25

Edited by DanR20

Share this post


Link to post
Share on other sites
On 1/9/2020 at 1:05 PM, roytam1 said:

K-Meleon 74 with Goanna 2.2 archive refreshed with sha384 support:

http://o.rths.ml/gpc/files1.rt/KM74-g22-20180718.win2000.7z

pm26 archive also refreshed: http://o.rths.ml/gpc/files1.rt/palemoon-26.5.0-20180718.win2000.7z

 

Hi roytam1,

Could you please provide an update for the file "palemoon.exe" from pm26xp-no-manifest.7z package also ?

The "refreshed" build of PM26 causing BSOD on my xp sp2 machine due to manifest issue. I can fix the issue by replacing those files from pm26xp-no-manifest.7z package, but "palemoon.exe" seems to be an old version (26.5.0.6699), the newest one is version 26.5.0.7312.

Thank you!

Share this post


Link to post
Share on other sites
6 hours ago, cloudstr said:

 

Hi roytam1,

Could you please provide an update for the file "palemoon.exe" from pm26xp-no-manifest.7z package also ?

The "refreshed" build of PM26 causing BSOD on my xp sp2 machine due to manifest issue. I can fix the issue by replacing those files from pm26xp-no-manifest.7z package, but "palemoon.exe" seems to be an old version (26.5.0.6699), the newest one is version 26.5.0.7312.

Thank you!

it should be possible to overwrite new build with files from pm26xp-no-manifest.7z without issue.

but anyway it is updated.

Share this post


Link to post
Share on other sites
23 hours ago, DanR20 said:
On 1/11/2020 at 1:57 AM, roytam1 said:

- Block Nouveau NV96 mesa driver layers acceleration. (b7841e5cf)

Whatever you do, please don't re-block ATI radeon drivers. I'm even getting good acceleration in an old W2k box

... Please understand Roytam1 doesn't block graphics drivers on his own, only upstream do... FWIW, 

https://github.com/MoonchildProductions/Pale-Moon/commit/b7841e5

was pushed to mitigate crashes on Linux, as reported in 

https://forum.palemoon.org/viewtopic.php?f=37&t=23512

But previous commit was reverted by Moonchild on Jan 10th, via

https://github.com/MoonchildProductions/Pale-Moon/commit/b4a6053

... which @roytam1 might've missed by a narrow margin (was published on GitHub at 202001101821UTC) ;
in any case, nothing to fear on Windows... ;) 

  • Upvote 1

Share this post


Link to post
Share on other sites
48 minutes ago, VistaLover said:

... Please understand Roytam1 doesn't block graphics drivers on his own, only upstream do... FWIW, 

in any case, nothing to fear on Windows... ;) 

Yes that’s true, my comment was meant for the whole MC team since I know some of them are following this thread. Fortunately Roy sometimes reverts changes so if they do get re-blocked I can ask nicely. --).

As I've stated many times before, these latest versions of UXP are what Firefox 52 should have and could have been if the developers took the time to listen to users. 

Edited by DanR20

Share this post


Link to post
Share on other sites
17 hours ago, Sampei.Nihira said:

Thanks a lot for patching browsers from this dangerous security vulnerability.:thumbup:worship::hello:

Ugh!  I "dislike" posts like this.

I did NOT patch my browser (approx 28.2.2) and I do NOT feel "vulnerable"!

I contend that you are only "vulnerable" if you visit web sites you probably shouldn't be on in the first place  :whistle:

And if you enable JavaScript by default and don't white-list then you INVITE "vulnerabilities".

The ONLY way to TRULY be protected from ZERO-DAY vulnerabilites is to NOT enable JavaScript!

Correct me if I'm mistaken, but aren't *ALL* Zero-Day vulnerabilities spread via JavaScript?

Edited by ArcticFoxie

Share this post


Link to post
Share on other sites
2 hours ago, ArcticFoxie said:

Ugh!  I "dislike" posts like this.

I did NOT patch my browser (approx 28.2.2) and I do NOT feel "vulnerable"!

I contend that you are only "vulnerable" if you visit web sites you probably shouldn't be on in the first place  :whistle:

And if you enable JavaScript by default and don't white-list then you INVITE "vulnerabilities".

The ONLY way to TRULY be protected from ZERO-DAY vulnerabilites is to NOT enable JavaScript!

Correct me if I'm mistaken, but aren't *ALL* Zero-Day vulnerabilities spread via JavaScript?

But what are you writing?
It is the primary duty of each team to patch zero-Days bugs especially if there are recognized on the wild attacks.

https://securityaffairs.co/wordpress/96181/hacking/cve-2019-17026-firefox-zero-day.html

Regarding javascript you are not at risk (almost never) if they are totally disabled.
But this is impossible take for example this website where you have to enable them, even if only partially, to login.
See my analysis below:

https://webbkoll.dataskydd.net/en/results?url=http%3A%2F%2Fmsfn.org%2Fboard%2F

The Content Security Policy of the website is not implemented.
This means that you may be at risk of XSS attacks.
and also of MITM attacks.
I'll put you on a test to check your XSS protections:

http://www.example.com/>"><script>alert("XSS")</script>&


Mine are perfect:

Mfw7GEGJ_o.jpg

 

Edited by Sampei.Nihira

Share this post


Link to post
Share on other sites
29 minutes ago, Sampei.Nihira said:

It is the primary duty of each team to patch zero-Days bugs especially if there are recognized on the wild attacks.

Primary duty?  NO, IT ISN'T!

Anybody that runs WinXP (as I do and as you do) is a HYPOCRITE if they feel that ZERO-DAY exploits should be fixed "immediately".

 

If we want to run WinXP, which I wholeheartedly support and run it on FOUR of my FIVE home computers (the fifth runs Win 2003), then we can NOT do that on one hand and shout from rooftops to patch a zero-day on the other hand.  That *IS* the very definition of hypocrisy!

 

But anywhoo...

Share this post


Link to post
Share on other sites

Not to mention that each browser currently has remote exploitable vulnerabilities, not yet recognized, which could allow to exploit an OS that is no longer patched.

So I also highly recommend that you use also dedicated anti-exploit protection for your browser.
As an additional line of defense in the case of browser bypassing............

Share this post


Link to post
Share on other sites
3 hours ago, ArcticFoxie said:

aren't *ALL* Zero-Day vulnerabilities spread via JavaScript?

no, it can be anything you received from remote, for example, HTML, CSS, images, videos, audios, etc.

  • Like 1
  • Upvote 1

Share this post


Link to post
Share on other sites
On 1/12/2020 at 10:07 AM, Sampei.Nihira said:

It is the primary duty of each team to patch zero-Days bugs especially if there are recognized on the wild attacks.

Special message from upstream:

https://forum.palemoon.org/viewtopic.php?f=1&t=23605  :rolleyes:

(and https://forum.palemoon.org/viewtopic.php?p=181666#p181666 )

Edited by VistaLover
Added second link
  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...