Posts posted by trium

  1. hello peterw,

     

    ccleaner -> tools -> drive wiper:

     

    what is in the first line "wipe"?

     

    -> entire drive (all data will be erased)

    or

    -> free space only

     

    ps: with the first you can't select your c-drive because it is gray ;-)

  2. ff v68.0 esr

     

    09. july 2019

     

    New

    • A number of features improve the browser experience in enterprise settings.

      • MSI installer file type is included in this release, helping make deployments in the Windows environment easier and more flexible.
      • Configuration profiles in macOS
      • The ability to read added certificates roots from the macOS Keychain

      • For all operating systems, we have a number of additional policies including:

      • New tab page configuration and disabling
      • Local file links
      • Download behavior
      • Search suggestions
      • Managed storage for using policies in Webextensions
      • Extension configuration (allow/deny) by ID and website
      • A subset of commonly used Firefox preferences

      You can see a full list of policies here.

    • User and enterprise added certificates are read from the operating system by default.

    Fixed

    • Local files can no longer access other files in the same directory.

    Changed

    unresolved

    • Windows Background Intelligent Transfer Service (BITS) update download for proxy users with authentication will fall back to legacy update system on Windows (bug 1561200)

    • Service workers and push notifications remain disabled in Firefox ESR

  3. ff v60.8.0 esr

     

    09. july 2019

     

    Fixed

     

    Security vulnerabilities fixed in Firefox ESR 60.8

    Announced
    July 9, 2019
    Impact
    critical
    Products
    Firefox ESR
    Fixed in
    • Firefox ESR 60.8

    CVE-2019-9811: Sandbox escape via installation of malicious language pack

    Reporter
    Niklas Baumstark
    Impact
    high
    Description

    As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation.

    References

    CVE-2019-11711: Script injection within domain through inner window reuse

    Reporter
    Boris Zbarsky
    Impact
    high
    Description

    When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security.

    References

    CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects

    Reporter
    Gregory Smiley of Security Compass
    Impact
    high
    Description

    POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks.

    References

    CVE-2019-11713: Use-after-free with HTTP/2 cached stream

    Reporter
    Hanno Böck
    Impact
    high
    Description

    A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash.

    References

    CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault

    Reporter
    Jonas Allmann
    Impact
    moderate
    Description

    Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used.

    References

    CVE-2019-11715: HTML parsing error can contribute to content XSS

    Reporter
    Linus Särud
    Impact
    moderate
    Description

    Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances.

    References

    CVE-2019-11717: Caret character improperly escaped in origins

    Reporter
    Tyson Smith
    Impact
    moderate
    Description

    A vulnerability exists where the caret ("^") character is improperly escaped when constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.

    References

    CVE-2019-11719: Out-of-bounds read when importing curve25519 private key

    Reporter
    Henry Corrigan-Gibbs
    Impact
    moderate
    Description

    When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure.

    References

    CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin

    Reporter
    Luigi Gubello
    Impact
    moderate
    Description

    A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may be uploaded to a server. Luigi Gubello demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents.

    References

    CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

    Reporter
    Mozilla developers and community
    Impact
    critical
    Description

    Mozilla developers and community members Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.

    References
  4. ff v68.0

     

    09. july 2019

     

    New

    • Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.

    • Improved extension security and discovery:

      • New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
      • Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
      • Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended" badges for these extensions also appear on AMO. More extensions will be added over time.
    • Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.

    • WebRender will roll out to Windows 10 users with AMD graphics cards.

    • Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.

    Fixed

    • Various security fixes

    • Local files can no longer access other files in the same directory.

    Changed

    • Unified existing locales (bn-BD, bn-IN) under a single Bengali (bn) localization.

    • The following unmaintained translations have been removed: Assamese (as), English - South Africa (en-ZA), Maithili (mai), Malayalam (ml), Odia (or). Existing users will be migrated to the British English (en-GB) version.

    • When an HTTPS error caused by antivirus software is detected, Firefox will attempt to automatically fix it

    • Camera and microphone access now require an HTTPS connection.

    • The way non-default preferences are synced has changed. Please see this support article for more details

    Enterprise

    • For all operating systems, we have a number of additional policies including:

      • New tab page configuration and disabling
      • Local file links
      • Download behavior
      • Search suggestions
      • Managed storage for using policies in Webextensions
      • Extension whitelisting and blacklisting by ID and website
      • A subset of commonly used Firefox preferences

      You can see a full list of policies here.

    Developer

    • Firefox Developer Tools now offers a full page color contrast audit that identifies all elements on a page that fail color contrast checks.

    • Added about:compat, where website-specific workarounds are listed and may be toggled. These workarounds are meant as temporary fixes for various forms of website breakage for Firefox, while the website fixes them in due time. With about:compat, it is now easy to see all of the workarounds that are active in Firefox, and easy for website developers to disable a given workaround for testing purposes.

    • Introduces CSS Scroll Snap module that enforces scroll snap positions.

    unresolved

    • The new URL bar implementation does not handle javascript: bookmarklets triggered via bookmark keywords correctly yet (bug 1552141)

  5. ublock v1.20.2

     

    gorhill released this

    Jul 2, 2019

     

    No changes from 1.20.0.

    This release exists only to fulfill a request by Mozilla that I submit a new version even if there is no code change, so as to test changes on the back-end of AMO.

  6. thanks hazelnut :-)
    
    
    
    Summary           : Read buffer overflow & double free
    Date              : June 2019
    Affected versions : VLC media player 3.0.6 and earlier
     
    
    Security:
     * Fix multiple buffer overflows in the ps demuxer
     * Fix a buffer overflow when copying a biplanar YUV image
     * Fix multiple buffer overflows in the faad decoder
     * Fix buffer overflow in the svcdsub decoder
     * Fix buffer overflows in the ogg muxer & demuxer
     * Fix buffer overflows in libavformat demuxer
     * Fix multiple buffer overflows in the MKV demuxer
     * Fix a buffer overflow in the MP4 demuxer
     * Fix a buffer overflow in the textst decoder
     * Fix a buffer overflow in the webvtt decoder
     * Fix a buffer overflow in the ASF demux
     * Fix a buffer overflow in the UPNP SD
     * Fix use after free in the ogg demuxer
     * Fix multiple use after free in the MKV demuxer
     * Fix multiple use after free in the DMO decoder
     * Fix integer underflow in the MKV demuxer
     * Fix an updater NULL pointer dereference on invalid signing keys
     * Fix NULL pointer dereference in the MKV demuxer
     * Fix an integer overflow in the spudec decoder
     * Fix an integer overflow in the nsc demuxer
     * Fix an integer overflow in the avi demuxer
     * Fix reads of uninitialized pointers in the MKV demuxer
     * Fix a floating point exception in the MKV demuxer
     * Fix an infinite loop in the flac packetizer
  7. good wish :-)

     

    i mean ms has another wishes with his versions of netframework...

     

    from the beginning with 1 and 1.1 and 2 - two is not compatible with one and so on (i remember me darkly that are two different developer)

    also the different versions of the 2 dont be good

     

    and the installation progress was long sometimes also bad and the whole net-installation was for the toilet :-)

     

    i have 4.8 not installed.

    i take only what this or one needed to be run - this also saves me a lot of updates

  8. ff v60.7.2 esr

     

    20. june 2019

     

    Fixed

     

    Quote

    CVE-2019-11708: sandbox escape using Prompt:Open

    Reporter
    Coinbase Security
    Impact
    high
    Description

    Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.

     

  9. belated ff 67.0.2 ...

     

    11. june 2019

     

    Fixed

    • Fix JavaScript error ("TypeError: data is null in PrivacyFilter.jsm") in console which may significantly degrade sessionstore reliability and performance (bug 1553413)

    • Proxy authentication dialog box repeatedly pops up asking to authenticate after upgrading to Firefox 67 (bug 1548804)

    • Pearson MyCloud breaks if FIDO U2F is not Chrome's implementation (bug 1551282)

    • Starting in safe mode on Linux or macOS causes Firefox to think on the subsequent launch that the profile is too recent to be used with this version of Firefox (bug 1556612)

    • Linux distribution users can't easily install/use additional/different languages using the built-in preferences UI (bug 1554744)

    • Developer tools users can't copy the href/src content from various HTML tags via the context menu in the Inspector markup view (bug 1552275)

    • Custom home page is broken with clearing data on shutdown settings applied (bug 1554167)

    • Performance-regression for eclipse RAP based applications (bug 1555962)

    • macOS 10.15 crash fix (bug 1556076)

    • Can't start two downloads in parallel via <a download> anymore (bug 1542912)

  10. i mean office 365 is the same "installation" as ms office 2010 starter (click & run) only cached on the os

    Quote

    Once fully downloaded, the product is cached locally, and users are free to disconnect from the internet and continue using their Office products:

    Quote

    The products still run locally utilizing the PC’s resources, they don’t “run in the cloud”.

    Quote

    Click-to-Run products are virtualized

     

     

    do you use "winapp2.ini"?

     

  11. Changes between 3.0.7 and 3.0.7.1:
    ----------------------------------
    
    Access:
     * Update libbluray to 1.1.2
    
    macOS:
     * Fix bluray java menu playback regression in 3.0.7
    
    Video Output:
     * Fix hardware acceleration with some AMD drivers
     * Improve direct3d11 HDR support
  12. Changes between 3.0.6 and 3.0.7:
    --------------------------------
    
    Access:
     * Improve Blu-ray support
     * Fix sftp module build with libssh >= 1.8.1
    
    Audio output:
     * Fix pass-through on Android-23
     * Fix DirectSound drain
    
    Demux:
     * Improve MP4 support
    
    Video Output:
     * Fix 12 bits sources playback with Direct3D11
     * Fix crash on iOS
     * Fix midstream aspect-ratio changes when Windows hardware decoding is on
     * Fix HLG display with Direct3D11
    
    Stream Output:
     * Improve Chromecast support with new ChromeCast apps
    
    macOS:
     * Fix UPNP service discovery, services are discovered on the highest priority
       active network interface now
     * Fix video distortion on macOS Mojave
    
    Misc:
     * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
     * Work around busy looping when playing an invalid item with loop enabled
    
    Translations:
     * Update of most translations
    
    Security:
     * Fix multiple buffer overflows in the ps demuxer
     * Fix a buffer overflow when copying a biplanar YUV image
     * Fix multiple buffer overflows in the faad decoder
     * Fix buffer overflow in the svcdsub decoder
     * Fix buffer overflows in the ogg muxer & demuxer
     * Fix buffer overflows in libavformat demuxer
     * Fix multiple buffer overflows in the MKV demuxer
     * Fix a buffer overflow in the MP4 demuxer
     * Fix a buffer overflow in the textst decoder
     * Fix a buffer overflow in the webvtt decoder
     * Fix a buffer overflow in the ASF demux
     * Fix a buffer overflow in the UPNP SD
     * Fix use after free in the ogg demuxer
     * Fix multiple use after free in the MKV demuxer
     * Fix multiple use after free in the DMO decoder
     * Fix integer underflow in the MKV demuxer
     * Fix an updater NULL pointer dereference on invalid signing keys
     * Fix NULL pointer dereference in the MKV demuxer
     * Fix an integer overflow in the spudec decoder
     * Fix an integer overflow in the nsc demuxer
     * Fix an integer overflow in the avi demuxer
     * Fix reads of uninitialized pointers in the MKV demuxer
     * Fix a floating point exception in the MKV demuxer
     * Fix an infinite loop in the flac packetizer
  13. what temporary files we are talking about?

     

    c:\windows\temp?

    c:\users\you\appdata\local\temp?

     

    if ccleaner does not work fast enough/hangs... windows disk cleanup takes its time too... try this

     

    open your windows-explorer

    go to "c:\windows\temp"

    in this folder -> "select all" (subfolders and files in temp) -> delete it

    go to c:\users\you\appdata\local\temp

    in this folder -> "select all" (subfolders and files in temp) -> delete it

     

     

    ps: i have it in ccleaner -> includelist with option "with files and subfolders"

  14. ublock v1.20.0

     

    gorhill released this

    Jun 14, 2019

     

    Closed as fixed

    Commits with no entry in issue tracker

     
