MX 17/18 Repository: The Pale Moon Browser Thread

Locked
Message
Author
User avatar
Eadwine Rose
Administrator
Posts: 11904
Joined: Wed Jul 12, 2006 2:10 am

Re: MX 17 Repository: The Pale Moon Browser Thread

#51 Post by Eadwine Rose »

I cannot off the bat remember the forum limits but you can also try uploading them to an external host, that will likely sort this out for now.
MX-23.2_x64 July 31 2023 * 6.1.0-18-amd64 ext4 Xfce 4.18.1 * 8core AMD Ryzen 7 2700
Asus TUF B450-Plus Gaming UEFI * Asus GTX 1050 Ti Nvidia 525.147.05 * 2x16Gb DDR4 2666 Kingston HyperX Predator
Samsung 860EVO * Samsung S24D330 & P2250 * HP Envy 5030

User avatar
Eadwine Rose
Administrator
Posts: 11904
Joined: Wed Jul 12, 2006 2:10 am

Re: MX 17 Repository: The Pale Moon Browser Thread

#52 Post by Eadwine Rose »

Ah.. went on a search and found this:

The maximum file size for attachments is 256K for both private and public posts.
The maximum number of attachments per post is 3 for public posts, and 1 for private posts.
MX-23.2_x64 July 31 2023 * 6.1.0-18-amd64 ext4 Xfce 4.18.1 * 8core AMD Ryzen 7 2700
Asus TUF B450-Plus Gaming UEFI * Asus GTX 1050 Ti Nvidia 525.147.05 * 2x16Gb DDR4 2666 Kingston HyperX Predator
Samsung 860EVO * Samsung S24D330 & P2250 * HP Envy 5030

User avatar
Gordon Cooper
Posts: 965
Joined: Mon Nov 21, 2011 5:50 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#53 Post by Gordon Cooper »

And to add a bit more. This is a world wide group. In some places the bandwidth is narrow, so the forum's rules on file file size and attachments are set to recognise this limitation.
Backup: Dell9010, MX-19_B2, Win7, 120 SSD, WD 232GIB HD, 4GB RAM
Primary :Homebrew64 bit Intel duo core 2 GB RAM, 120 GB Kingston SSD, Seagate1TB.
MX-18.2 64bit. Also MX17, Kubuntu14.04 & Puppy 6.3.

User avatar
fehlix
Developer
Posts: 10311
Joined: Wed Apr 11, 2018 5:09 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#54 Post by fehlix »

@linwinux, two questions:
Is you'r computer dual-boot'ng with Windows?
Have you set BIOS-time to local time?
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

linwinux

Re: MX 17 Repository: The Pale Moon Browser Thread

#55 Post by linwinux »

The 6 core AMD machine is a dual-boot setup with windows 7. But I haven't booted into Windows 7 for a month or even longer. Because of our VPN service I'm using the boot into systemd though, perhaps that makes a difference? My understanding is that Mint utilizes systemd as well and I've never had issues like this with Mint for around 3+ years. The other system, the dual-core Acer is strictly an MX system, nothing else on it.

User avatar
fehlix
Developer
Posts: 10311
Joined: Wed Apr 11, 2018 5:09 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#56 Post by fehlix »

@linwinux: Will this strange behavior happens also without VPN? I.e. you could boot non-systemd without VPN and see how palemoon behaves and whether your screen-saver issue shows up again. Only an idea...
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB

linwinux

Re: MX 17 Repository: The Pale Moon Browser Thread

#57 Post by linwinux »

The Acer system does not boot into systemd and there is no VPN either. My system boots into systemd, but this has happened with vpn disabled as well as enabled.

User avatar
Stevo
Developer
Posts: 12776
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#58 Post by Stevo »

Pale Moon 27.9.2 is now in the main repo.

This is a security and stability update.
Changes/fixes:

We changed the language strings for softblocked items so people will cry less when we do our job.
(CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
(CVE-2018-5173) Fixed an issue in the Downloads panel improperly rendering some Unicode characters, allowing for the file name to be spoofed. This could be used to obscure the file extension of potentially executable files from user view in the panel.
(CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a buffer overflow and crash if it occurs.
(CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia library resulting in possible out-of-bounds writes.
(CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating attributes during SVG animations with clip paths.
(CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable extension in order to occur.
Fixed several stability issues (crashes) and memory safety hazards.

User avatar
Stevo
Developer
Posts: 12776
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#59 Post by Stevo »

Pale Moon has been updated to security release 27.9.3 in the main repo:
Changes/fixes:

(CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to that report, the libopus maintainers state they don't believe remote code execution was possible, so this was not a critical patch.
Fixed an issue with task counting in JS GC.
Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks to Berk Cem Göksel for reporting).

User avatar
Stevo
Developer
Posts: 12776
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#60 Post by Stevo »

Now updated to 27.9.4 in the main repo:

- Updated the useragent for addons.mozilla.org to work around their "Only
with Firefox" discrimination preventing users from downloading themes, old
versions of extensions, and other files with Pale Moon.
- Restricted web access to the moz-icon:// scheme that could potentially be
abused to infringe the user's privacy.
- Prevented various location-based threats. DiD
- Fixed a potential vulnerability with plugins being redirected to different
origins (CVE-2018-12364).
- Improved the security check for launching executable files
(by association) on Windows from the browser. For users who have (most
likely accidentally) granted a system-wide waiver for opening these kinds
of files without being prompted, this permission has been reset.
- Fixed an issue with invalid qcms transforms (CVE-2018-12366).
- Fixed a buffer overflow using the computed size of canvas elements
(CVE-2018-12359).
- Fixed a use-after-free when using focus() (CVE-2018-12360).
- Added some sanity checks on nsMozIconURI. DiD
- Fixed an issue in the case the preferences file in the profile would not be
writable (e.g. temporary permission issues due to backup, virus scanning or
similar external processes).

Locked

Return to “Package Requests/Status - MX 17/18”