PM 27.2.0 not allowing CRITICAL update to LASTPASS Topic is solved

The place to report Pale Moon specific bugs on Linux and other operating systems.

Moderators: Indalecio, satrow

twigs
Newbie
Newbie
Posts: 5
Joined: Wed Apr 05, 2017 9:39 am

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Postby twigs » Wed Apr 05, 2017 4:26 pm

back2themoon wrote:With all the increasing LastPass vulnerability/exploit announcements, I for one am staying away from it and not going back - Pale Moon compatible or not.


On this particular issue, to be fair to them, they are responding pretty quick when they are notified of problems, what else can they do? If LastPass didn't address those issues, then I imagine most people would move away from them pretty sharpish and they'd be sunk.

Extensions are always going to get updated, but if Pale Moon loses users because of extension issues, then isn't that a problem? I have only been using Pale Moon for about a year or so, been very happy with it, thank you to all the devs. Decided to register on the forum to see if there's any way I can help (I'm not a developer though). Not having the latest iteration of NoScript isn't a problem but not being able to install the latest version of LastPass will be a problem for me and, I assume, others.

User avatar
back2themoon
Astronaut
Astronaut
Posts: 813
Joined: Sun Aug 19, 2012 8:32 pm

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Postby back2themoon » Wed Apr 05, 2017 4:33 pm

twigs wrote:Extensions are always going to get updated, but if Pale Moon loses users because of extension issues, then isn't that a problem?

It is, but it doesn't make much sense to replace your favourite browser because of an extension issue. The obvious solution is to replace the extension (even more so if they explicitly do not support PM). There is no shortage of alternative extensions and LastPass is certainly not an exception.
Safe Mode / clean profile info: Menu/Help/Restart with Add-ons Disabled
Information to include when asking for support
How to apply user agent overrides

Windows 10 Pro x64 - Pale Moon x64 - FossaMail x64

twigs
Newbie
Newbie
Posts: 5
Joined: Wed Apr 05, 2017 9:39 am

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Postby twigs » Thu Apr 06, 2017 1:12 pm

Yep, have that freedom on my personal devices but not unfortunately at work; my ideals in promoting Pale Moon as a viable browser in our workplace could come to a halt :(

Anyway, I contacted Last Pass via our work account and got this back after requesting that they make 4.x available for all browsers and not just those listed here :

"Thank you very much for providing feedback regarding a product/change that you would like to see us provide in the future!
I have submitted a report describing your feature request to our Development Team for review. As a feature request, it's not possible to say what will happen next, but we do consider feedback and suggestions from users like you very seriously."

Bit of a generic response but should anything come of it, I'll post here.

User avatar
back2themoon
Astronaut
Astronaut
Posts: 813
Joined: Sun Aug 19, 2012 8:32 pm

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Postby back2themoon » Thu Apr 06, 2017 1:22 pm

I could only suggest that you try to convince your work to use a safer solution than LastPass - combined with a safer browser like Pale Moon. If they are interested in security, they should at least hear you out.

I'd be surprised if LastPass decided to support Pale Moon. I don't think they even supported it with v3, it just happened to work.
Safe Mode / clean profile info: Menu/Help/Restart with Add-ons Disabled
Information to include when asking for support
How to apply user agent overrides

Windows 10 Pro x64 - Pale Moon x64 - FossaMail x64

User avatar
troypulk
Fanatic
Fanatic
Posts: 193
Joined: Fri Sep 19, 2014 11:53 pm
Location: Washington State, USA

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Postby troypulk » Thu Apr 06, 2017 3:54 pm

back2themoon wrote:I could only suggest that you try to convince your work to use a safer solution than LastPass


Do you use Linux?

What would be a comparable to LassPass?

The closes thing I have seen is Enpass and they haven't even been audited yet and they are close source, Plus they support FF so if it works on PM it's because of FF.
SolydX EE x64

Pale Moon 27.3.0 x64

User avatar
back2themoon
Astronaut
Astronaut
Posts: 813
Joined: Sun Aug 19, 2012 8:32 pm

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Postby back2themoon » Thu Apr 06, 2017 6:00 pm

troypulk wrote:Do you use Linux? What would be a comparable to LassPass?

Sorry, have no clue about Linux. If you search (in this forum as well) I'm sure you'll find something good, like the various KeePass versions.
Safe Mode / clean profile info: Menu/Help/Restart with Add-ons Disabled
Information to include when asking for support
How to apply user agent overrides

Windows 10 Pro x64 - Pale Moon x64 - FossaMail x64

User avatar
Shadeclan
Lunatic
Lunatic
Posts: 255
Joined: Thu Jun 05, 2014 5:27 pm
Location: Albany, NY

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Postby Shadeclan » Thu May 11, 2017 7:24 pm

I only recently became aware of the issue with LastPass through my friend Ziggy (developer of the Lavafox themes), who also uses LastPass:

Ziggy wrote:LastPass .. version 3+ is vulnerable to a very nasty hack, zero day was published and fixed already on version 4 .. (Google's security found it, very big deal but no damage was done).

Version 4+ does install via the tester tool and work partly, can access most features .. but cannot use it because it just does not fill the form fields (user name, password etc) - which is the whole purpose of the add-on.

The funny thing is that now there is also a bug in LastPass on Nightly but that's another issue (FF changed something again about the UI).

Anyway, PM users need to know that the version of LastPass on PM's add-ons website is very dangerous. I saw a user posting about it already in the forum (I remember seeing it somewhere) but not sure if it got enough attention.

It's same dangerous version on Firefox AMO site (version 4 is "beta" there) but on Firefox anyone can easily install the new version 4 on LastPass site and it works well on default Firefox (not Nightly).

LastPass is critical for anyone using it (I personally cannot work without it) .. hope PM can make it work, because LastPass can be a bit slow or not respond at all ..

I think anyway it's up to PM to make version 4 work, LastPass need to follow Firefox first (bug on Nightly).

Do you use LastPass ? any idea what can be done ?


I suggested to Ziggy that trusting a browser add-on to store critical passwords is both limiting and dangerous. I further suggested he move his passwords to KeePass which has versions that work everywhere (Windows, Linux, Android, even Blackberry devices!), is open source, has a large development community and has all sorts of customizations to do just about anything you might want. There are also different levels of browser integration from add-on to standalone app. However he, like most people, is reluctant to change.

troypulk wrote:... What would be a comparable to LassPass?

back2themoon wrote:With all the increasing LastPass vulnerability/exploit announcements, I for one am staying away from it and not going back - Pale Moon compatible or not.

If you two are willing to consider it, I strongly suggest trying the KeePass app (not the browser add-on) with the KeePass Helper browser add-on which adds URL info into the browser window and allows KeePass to select a proper password for the target window.

I know that LastPass has responded negatively to Pale Moon support. If we want support from these people, we have to remember to be persistent. Ziggy and I had a similar issue with the Toggl app but they, apparently, are unofficially supporting Pale Moon now as they recently made a change to their website that lets Toggl work with Pale Moon now.

If enough people complain, they will see that it's to their advantage to support Pale Moon. The key is numbers and persistence.
Image

fillerup
Fanatic
Fanatic
Posts: 143
Joined: Mon May 19, 2014 7:14 pm
Location: Finland

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Postby fillerup » Fri May 12, 2017 4:25 am

troypulk wrote:Do you use Linux?

What would be a comparable to LassPass?

KeepassXC is what you want

User avatar
troypulk
Fanatic
Fanatic
Posts: 193
Joined: Fri Sep 19, 2014 11:53 pm
Location: Washington State, USA

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Postby troypulk » Fri May 12, 2017 1:59 pm

fillerup wrote:
troypulk wrote:Do you use Linux?

What would be comparable to LassPass?

KeepassXC is what you want


I don't need a password manager for off line use, I only have 1 password I use off line and I can remember it on my own. Online I have almost 200 passwords.

I installed Keepass2 with the FF addon but I couldn't get it to work with PM 27.3 and it was getting labor intensive just for a PW manager, it only took me 10 minutes to install and use Enpass.

I read some reviews that Keepass and it's various branches were not user friendly.... etc. and if you're going to use keepass it should be keepass2.

I ended up using Enpass - https://www.enpass.io it's the most like lasspass that I have seen and it's free for desktop and only $10 a platform for life on your phone.

I've read the reviews and even though it's not open source and hasn't been audited by a third party it's still in my opinion the best PW manager for online and offline use, plus it's web browser integration is seamless.

One big plus for me with all the good things about it, is that once I install it it's completely my own and doesn't talk to the home base and I did not have to register to use it.
Last edited by troypulk on Fri May 12, 2017 2:13 pm, edited 1 time in total.
SolydX EE x64

Pale Moon 27.3.0 x64

User avatar
Shadeclan
Lunatic
Lunatic
Posts: 255
Joined: Thu Jun 05, 2014 5:27 pm
Location: Albany, NY

Re: PM 27.2.0 not allowing CRITICAL update to LASTPASS

Postby Shadeclan » Fri May 12, 2017 2:09 pm

troypulk wrote:I don't need a password manager for off line use, I only have 1 password I use off line and I can remember it on my own. Online I have almost 200 passwords.

I installed Keepass2 with the FF addon but I couldn't get it to work with PM 27.3 and it was getting labor intensive just for a PW manager, it only took me 10 minutes to install and use Enpass.

I read some reviews that Keepass and it's various branches were not user friendly.... etc. and if you're going to use keepass it should be keepass2.

I ended up using Enpass - https://www.enpass.io it's the most like lasspass that I have seen and it's free for desktop and only $10 a month for your phone.

I've read the reviews and even though it's not open source and hasn't been audited by a third party it's still in my opinion the best PW manager for online and offline use, plus it's web browser integration is seamless.

One big plus for me with all the good things about it, is that once I install it it's completely my own and doesn't talk to the home base and I did not have to register to use it.
Whatever works for you, use it. I've been using KeePass for years and found it not that difficult to set up and use. It's very flexible and quick once you figure it out - there is a learning curve, however.
Image


Return to “Bug reports (Linux & other)”

Who is online

Users browsing this forum: No registered users and 1 guest