Has Pale Moon ever discovered and patched vulnerabilities unknown to Mozilla? Topic is solved

Discussions about the development and maturation of the platform code (UXP).
Warning: may contain highly-technical topics.

Moderators: trava90, athenian200

User avatar
Mæstro
Lunatic
Lunatic
Posts: 459
Joined: 2019-08-13, 00:30
Location: Casumia

Has Pale Moon ever discovered and patched vulnerabilities unknown to Mozilla?

Unread post by Mæstro » 2022-04-29, 20:27

Reading Pale Moon’s release notes each month for me is fun. Most security patches in the UXP summary, as I have seen, match defects in Mozilla’s code. As we grow further apart from Mozilla, I can see the share of inapplicable code changes grows. I know that Mozilla has abandoned XUL in 2017, that I should not think they are still maintaining that part of our shared heritage in their own security reports. Because of this, I am curious: has the Pale Moon team ever spotted and mended vulnerabilities in code that Mozilla has long ago forsaken?
Browser: Pale Moon (Pusser’s repository for Debian)
Operating System: Linux Mint Debian Edition 4 (amd64)
※Receiving Debian 10 LTS security upgrades
Hardware: HP Pavilion DV6-7010 (1400 MHz, 6 GB)
Formerly user TheRealMaestro: æsc is the best letter.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Has Pale Moon ever discovered and patched vulnerabilities unknown to Mozilla?

Unread post by Moonchild » 2022-04-30, 09:18

TheRealMaestro wrote:
2022-04-29, 20:27
Because of this, I am curious: has the Pale Moon team ever spotted and mended vulnerabilities in code that Mozilla has long ago forsaken?
Yes.
I generally don't go through the effort of generating CVEs for them or what not, but there have been e.g. use-after-free and exploitable crash vulnerabilities that were Pale Moon specific that have been patched.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked