Jump to content

trium

Experienced Members
  • Posts

    2,544
  • Joined

  • Last visited

Posts posted by trium

  1. ff v68.8.0 esr

    05. may 2020

    Fixed

    unresolved

    • Audio playback is currently not working when running the 32-bit Windows version of Firefox ESR from a network drive. This will be addressed in the next major Firefox ESR release.

    Quote

    Security Vulnerabilities fixed in Firefox ESR 68.8

    Announced May 5, 2020
    Impact critical
    Products Firefox ESR
    Fixed in Firefox ESR 68.8

    #CVE-2020-12387: Use-after-free during worker shutdown

    Reporter Looben Yang
    Impact critical
    Description

    A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash.

    References

    #CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens

    Reporter James Forshaw of Google Project Zero
    Impact critical
    Description

    The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.
    Note: this issue only affects Firefox on Windows operating systems.

    References

    #CVE-2020-12389: Sandbox escape with improperly separated process types

    Reporter Niklas Baumstark
    Impact high
    Description

    The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.
    Note: this issue only affects Firefox on Windows operating systems.

    References

    #CVE-2020-6831: Buffer overflow in SCTP chunk input validation

    Reporter Natalie Silvanovich of Google Project Zero
    Impact high
    Description

    A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash.

    References

    #CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'

    Reporter Ophir LOJKINE
    Impact moderate
    Description

    The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files.

    References

    #CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

    Reporter David Yesland
    Impact moderate
    Description

    The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.
    Note: this issue only affects Firefox on Windows operating systems.

    References

    #CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8

    Reporter Mozilla developers and community
    Impact critical
    Description

    Mozilla developers and community members Alexandru Michis, Jason Kratzer, philipp, Ted Campbell, Bas Schouten, André Bargull, and Karl Tomlinson reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

    References
  2. ff v76.0

    05. may 2020

     

    New

    • With today’s release, Firefox strengthens protections for your online account logins and passwords, with innovative approaches to managing your accounts during this critical time:

      • Firefox displays critical alerts in the Lockwise password manager when a website is breached;
      • If one of your accounts is involved in a website breach and you've used the same password on other websites, you will now be prompted to update your password. A key icon identifies which accounts use that vulnerable password.
      • Automatically generate secure, complex passwords for new accounts across more of the web that are easily saved right in the browser;
      • You have been able to access and see your saved passwords under Logins and Passwords easily under the main menu. If your device happens to be shared among your family or roommates, the latest update helps to prevent casual snooping over your shoulder. If you don’t have a master password set up for Firefox, Windows and macOS now requires a login to your operating system account before showing your saved passwords.
    • Picture-in-Picture allows you to multitask, the small video window following along no matter what you are doing on your computer, across different applications and even workspaces. Now, when you are ready to focus on the video, a double click can take the small window into full screen. Double click again to reduce the size again.

    • Firefox now supports Audio Worklets that will allow more complex audio processing like VR and gaming on the web; and is being adopted by some of your favorite software programs.

      • With this change, you can now join Zoom calls on Firefox without the need for any additional downloads.
    • WebRender continues its roll out to more Firefox for Windows users, now available by default on modern Intel laptops with a small screen (<= 1920x1200) for improved graphics rendering.

     

    Fixed

     

    Changed

    • Two updates to the address bar improve its usability and visibility:

      • The shadow around the address bar field is reduced in width when a new tab is opened;
      • The bookmarks toolbar has expanded slightly in size to improve its surface area for touchscreens.
     

    Developer

    Developer Information

    • Testing mobile interactions using DevTools’ Responsive Design Mode now mimics the device behavior for handling double-tap to zoom. This builds on previous improvements to correctly rendering meta-viewport tags, allowing developers to optimize their sites for Firefox for Android without a device.

    • Double-clicking table headers in DevTools’ network request table now resizes the column width to fit the content, making it easier to expand the important data.

    • WebSocket inspection now supports ActionCable message preview, adding to the list of automatically formatted protocols like socket.io, SignalR, WAMP, etc.

     

    unresolved

    • Audio playback is currently not working when running the 32-bit Windows version of Firefox from a network drive. This will be addressed in an upcoming future Firefox release.

  3. i have different browsers installed/portable

    one i have iron protable like andavari -> because with german security settings :-)

    also palemon portable, firefox installed, in the near future i will install edge-chromium as a replacement for ie11 - have it installed on older w7 -> seems to work fast :-) bad stuff: autoupdate with no possibility in the settings for on or off -> but no problem you know 😉

  4. Changes between 3.0.8 and 3.0.9:
    ----------------------------------
    
    Core:
     * Work around busy looping when playing an invalid item through VLM
    
    Access:
     * Multiple dvdread and dvdnav crashs fixes
     * Fixed DVD glitches on clip change
     * Fixed dvdread commands/data sequence inversion in some cases causing
       unwanted glitches
     * Better handling of authored as corrupted DVD
     * Added libsmb2 support for SMB2/3 shares
    
    Demux:
     * Fix TTML entities not passed to decoder
     * Fixed some WebVTT styling tags being not applied
     * Misc raw H264/HEVC frame rate fixes
     * Fix adaptive regression on TS format change (mostly HLS)
     * Fixed MP4 regression with twos/sowt PCM audio
     * Fixed some MP4 raw quicktime and ms-PCM audio
     * Fixed MP4 interlacing handling
     * Multiple adaptive stack (DASH/HLS/Smooth) fixes
     * Enabled Live seeking for HLS
     * Fixed seeking in some cases for HLS
     * Improved Live playback for Smooth and DASH
     * Fixed adaptive unwanted end of stream in some cases
     * Faster adaptive start and new buffering control options
    
    Packetizers:
     * Fixes H264/HEVC incomplete draining in some cases
     * packetizer_helper: Fix potential trailing junk on last packet
     * Added missing drain in packetizers that was causing missing
       last frame or audio
     * Improved check to prevent fLAC synchronization drops
    
    Decoder:
     * avcodec: revector video decoder to fix incomplete drain
     * spudec: implemented palette updates, fixing missing subtitles
       on some DVD
     * Fixed WebVTT CSS styling not being applied on Windows/macOS
     * Fixed Hebrew teletext pages support in zvbi
     * Fixed Dav1d aborting decoding on corrupted picture
     * Extract and display of all CEA708 subtitles
     * Update libfaad to 2.9.1
     * Add DXVA support for VP9 Profile 2 (10 bits)
     * Mediacodec aspect ratio with Amazon devices
    
    Audio output:
     * Added support for iOS audiounit audio above 48KHz
     * Added support for amem audio up to 384KHz
    
    Video output:
     * Fix for opengl glitches in some drivers
     * Fix GMA950 opengl support on macOS
     * YUV to RGB StretchRect fixes with NVIDIA drivers
     * Use libpacebo new tone mapping desaturation algorithm
    
    Text renderer:
     * Fix crashes on macOS with SSA/ASS subtitles containing emoji
     * Fixed unwanted growing background in Freetype rendering and Y padding
    
    Mux:
     * Fixed some YUV mappings
    
    macOS:
     * Use a layer based video output on 10.14 and higher, which should
       fix various rendering issues where the vout would glitch between
       a wrong size and the correct size.
       Additionally this works around OpenGL issues with Macs that have a
       dedicated NVIDIA GPU, which caused rendering artifacts in the whole
       OS, especially when the "Reduce transparency" accessibility option
       is used
     * Remove qtsound module and add avaudiocapture module as replacement
     * Fix audio capture on macOS Catalina by using avaudiocapture
     * Inform the user in case OS permissions are missing for certain actions
     * Fix Apple Remote support on macOS Catalina
     * Add support for pausing Apple Music on macOS Catalina
     * Fix UPnP discovery crash without an active network interface
     * Fix rare placement issues with fullscreen panel
     * Fix problem in audio output remembering the last device configuration
       in digital mode
    
    Service Discovery:
     * Update libmicrodns to 0.1.2
    
    Misc:
     * Update YouTube, SoundCloud and Vocaroo scripts: this restores
       playback of YouTube URLs.
     * Add missing .wpl & .zpl file associations on Windows
     * Improved chromecast audio quality
  5. ublock v1.26.2

    gorhill released this

    9 days ago

    Firefox

    No code change since 1.26.0.

    The sole purpose of this release is to ensure an up to date version of EasyList is shipped as part of the package.

    An obsolete version of EasyList was shipped with uBO 1.26.0 and this was causing Google fonts to be unduly blocked everywhere after installing uBO for the first time. The issue arose as a result of the cname-uncloaking feature and thus affected only the Firefox version of uBO.

    Though forcing an update of filter lists would solve the issue, Google fonts should not be blocked out of the box without having to force an update of filter lists.

     

  6. 6 hours ago, JT1 said:

    See attached screenshot

     

    6 hours ago, hazelnut said:

    Are there any entries for CCleaner showing in the Windows Task Manager?

     

    @JT1

    if you dont want the autoupdater-service -> go to the ccleaner folder -> rename "ccupdater.exe" to for example "ccupdater_old.exe" -> after restart this service should not there... and this background service is deactivated

  7. hi fans,

    i read this interesting news from microsoft...

    Quote

     

    NEW
    IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all the supported versions of Windows client and server products (Windows 10, version 1909 down to Windows Server 2008 SP2).

    There is no change to the monthly security updates (B release – Update Tuesday); these will continue as planned to ensure business continuity and to keep our customers protected and productive.

     

     

  8. @racydex

    only into the blue -> have you tryed to RESTART (not shutdown) with your w10?

    from hazelnut in the past i became the info that since w8 there is an "softstart" enabled per default in windows.

     

    from time to time there are funny effects and an RESTART can help -> the one or another settings can be changed with an restart was not work with an softstart (shutdown). perhaps the problem go from itself away :-)  this is only a little wish

  9. hello alan,

    here the documentation for this:

    https://www.ccleaner.com/docs/ccleaner/using-ccleaner/wiping-free-disk-space

    Quote

     

    Method 2 (Manually wipe with Drive Wiper):

    1. Select Tools > Drive Wiper
    2. Choose the type of wipe you require:
      1. Free Space Only will leave your normal files intact
      2. Entire Drive will erase all of the files on the drive.  WARNING, this means the whole of the partition will be erased.  The drive will still be formatted, but all data will be erased.  For safety reasons, this feature is disabled for the boot drive.
    3. Choose the type of security you require (Simple Overwrite is ok for most situations)
    4. CCleaner will warn you before proceeding

     

    1.  
  10. option "site preferences" -> as far as i can see only showing for firefox cleaning settings

    i dont know exactly what is meant with this cleaning-option - i find this from mozilla and perhaps some of this would be cleaned

    Quote

    Browser Privacy
    Forms & Passwords, History, Cookies and Site Data, Address Bar and Tracking Protection: This is where you can control settings for the Firefox Tracking Protection and Do Not Track features, manage website cookies, website data storage and cached web content, where you can set how to fill in forms and manage passwords, manage your browsing, download, search and form history and set how the address bar works.

     

    and this from http://www.brightfort.com/sb-link/sitepreferencesfix.html

    Quote

     

    About Site Preferences

    This information applies to Mozilla Firefox, and related browsers (ex. Pale Moon).
     

     

    The Problem: Mozilla Firefox has an option to clear/remove "Site Preferences". This option conflicts with SpywareBlaster's protection, and may result in SpywareBlaster showing unprotected items.
     
     
    Background: What Firefox calls "Site Preferences" are actually the exact settings that SpywareBlaster, and even Firefox itself, use to configure per-site restrictions or policies.

    They are not: cookies, history, the actual "preferences" or data that a site may have stored about you (ex. your e-mail address, your favorite color), etc.

    Some examples of Firefox features that set "Site Preferences":
    • if you allow pop-ups on a banking/ecommerce site
    • if you allow cookies from a forum site

     

     

    1521600397_ccleanersitepreferencesfiresfoxeinstellungen2.jpg.143a4e9f754171df9a21da4ad0188c0d.jpg

    but i think the translation could be changed.

    ccleaner -> custom clean -> applications -> firefox:

    english: Site Preferences

    german old: Seiten Eigenschaften

    german new: Seiten-Präferenzen or Seiten-Einstellungen or Seiten-Voreinstellungen or Seiten-Bevorzugungen or Seiten-Vorgabe or ... perhaps the official translator knows a better term

    ccleaner site preferences englisch.JPG

    ccleaner site preferences deutsch.JPG

  11. another question is this case...

     

    ie11 is at the end - not good functionality - especially for the further steps of internet.

    is ms edge (new one) available for windows 8.1?

    shoult i (normal user of w8.1) install this as a replacement for ie11? or perhaps bring microsoft this as an optional update/upgrade?

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.