Is Pale Moon Susceptible to 'Coinbase'?

Talk about code development, features, specific bugzilla bugs, enhancements, patches, and other highly technical things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific referenced Bugzilla bugs, mercurial, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Most "bug reports" do not belong in this board and should initially be posted in Community Support or other relevant support boards.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Locked
User avatar
therube
Board Warrior
Board Warrior
Posts: 1206
Joined: 2018-06-08, 17:02

Is Pale Moon Susceptible to 'Coinbase'?

Post by therube » 2019-06-19, 15:32


User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 26171
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Is Pale Moon Susceptible to 'Coinbase'?

Post by Moonchild » 2019-06-19, 15:41

For the record: We are not vulnerable to the exploit patched in the most recent Firefox point releases. You may breathe easy. We will still be looking at the code and (if prudent) apply defense-in-depth for futureproofing, of course.

https://twitter.com/palemoonbrowser/sta ... 2260123648
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

User avatar
ibmhal5678
Moongazer
Moongazer
Posts: 7
Joined: 2019-05-21, 04:18

Re: Is Pale Moon Susceptible to 'Coinbase'?

Post by ibmhal5678 » 2019-06-20, 23:23

What's going on with Firefox?
https://www.mozilla.org/en-US/security/ ... sa2019-18/

Seems they are adressing another security issue:
https://www.mozilla.org/en-US/security/ ... sa2019-19/

I had two/three updates for FirefoxQuantum/FFESR today.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 26171
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Is Pale Moon Susceptible to 'Coinbase'?

Post by Moonchild » 2019-06-21, 09:03

https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process.
i.e.: Yet another electrolysis (multi-process) inter-process communication vulnerability that doesn't apply to UXP.
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

Locked