Is Pale Moon Susceptible to 'Coinbase'?

Talk about code development, features, specific bugzilla bugs, enhancements, patches, and other highly technical things.

Moderator: satrow

Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific referenced Bugzilla bugs, mercurial, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Most "bug reports" do not belong in this board and should initially be posted in Community Support or other relevant support boards.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
User avatar
therube
Board Warrior
Board Warrior
Posts: 1076
Joined: 2018-06-08, 17:02

Is Pale Moon Susceptible to 'Coinbase'?

Unread post by therube » 2019-06-19, 15:32


User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24453
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Is Pale Moon Susceptible to 'Coinbase'?

Unread post by Moonchild » 2019-06-19, 15:41

For the record: We are not vulnerable to the exploit patched in the most recent Firefox point releases. You may breathe easy. We will still be looking at the code and (if prudent) apply defense-in-depth for futureproofing, of course.

https://twitter.com/palemoonbrowser/sta ... 2260123648
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

User avatar
ibmhal5678
Moongazer
Moongazer
Posts: 7
Joined: 2019-05-21, 04:18

Re: Is Pale Moon Susceptible to 'Coinbase'?

Unread post by ibmhal5678 » 2019-06-20, 23:23

What's going on with Firefox?
https://www.mozilla.org/en-US/security/ ... sa2019-18/

Seems they are adressing another security issue:
https://www.mozilla.org/en-US/security/ ... sa2019-19/

I had two/three updates for FirefoxQuantum/FFESR today.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 24453
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Is Pale Moon Susceptible to 'Coinbase'?

Unread post by Moonchild » 2019-06-21, 09:03

https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process.
i.e.: Yet another electrolysis (multi-process) inter-process communication vulnerability that doesn't apply to UXP.
"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
Image

Post Reply