Jump to content
CCleaner Community Forums

trium

Experienced Members
  • Content Count

    2,167
  • Joined

  • Last visited

Posts posted by trium

  1. On 02/08/2020 at 13:54, Dave CCleaner said:

    For paid users it will show their expiry status

     

    perhaps there can be a script to display the pear again -> for free users  -no need to show expire date but good to bring back the pear :-)

  2. ublock v1.29.0

    gorhill released this

    13 days ago

    Closed as fixed:

    Chromium

    Firefox

    Core

    Notable commits with no entry in issue tracker:

  3. ff v68.11.0 esr

    28. july 2020

    Fixed

     

    Quote

     

    Security Vulnerabilities fixed in Firefox ESR 68.11

    Announced July 28, 2020
    Impact high
    Products Firefox ESR
    Fixed in
    • Firefox ESR 68.11

    #CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker

    Reporter Mikhail Oblozhikhin
    Impact high
    Description

    By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script.

    References

    #CVE-2020-6514: WebRTC data channel leaks internal address to peer

    Reporter Natalie Silvanovich of Google Project Zero
    Impact high
    Description

    WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is often transmitted to the peer, which allows bypassing ASLR.

    References

    #CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture

    Reporter Reported by Pawel Wylecial of REDTEAM.PL
    Impact moderate
    Description

    Crafted media files could lead to a race in texture caches, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.

    References

    #CVE-2020-15650: Overwriting local files through malicious file picker application

    Reporter Pedro Oliveira
    Impact moderate
    Description

    Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile).
    Note: This issue only affected Firefox for Android. Other operating systems are unaffected.

    References

    #CVE-2020-15649: Exfiltrating local files through malicious file picker application

    Reporter Pedro Oliveira
    Impact moderate
    Description

    Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked.
    Note: This issue only affected Firefox for Android. Other operating systems are unaffected.

    References

    #CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11

    Reporter Mozilla developers
    Impact high
    Description

    Mozilla developers Jason Kratzer and Luke Wagner reported memory safety bugs present in Firefox 78 and Firefox ESR 68.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

    References

     

  4. ff v79.0

    28. july 2020

    New

    • We’ve rolled out WebRender to more Windows users with Intel and AMD GPUs, bringing improved graphics performance to an even larger audience.

    • Firefox users in Germany will now see more Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.

     

    Fixed

    • Various security fixes.

    • Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader.

    • Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.

    • SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.

     

    Enterprise

    • A number of bug fixes and new policies have been implemented in the latest version of Firefox. You can see more details in the Firefox for Enterprise 79 Release Notes.

    • Updates to the password policy allow admins to require a primary password (formerly called master password. Previously the policy could disable the primary password but not force a primary password. Users required to use a primary password will only be asked to create a primary password the first time they try to save a password.

     

    Developer

    Developer Information

    • Newly added asynchronous call stacks let developers trace their async code through events, timeouts, and promises. The async execution chains are shown in the Debugger’s call stack, but also for stack traces in Console errors and Network initiators.

    • Erroneous network responses with 4xx/5xx status codes display as errors in the Console, making it easy to understand them in the context of related logs. The request/response details can be expanded or resent for quick debugging.

    • JavaScript errors are now visible not only in the Console, but also in the Debugger. The relevant line of code will be highlighted and display error details on hover.

    • Opening SCSS and CSS-in-JS sources from the Inspector now works more reliably thanks to improved source map handling across all panels.

    • Inspecting accessibility properties from the browser context menu is now available to all users by default.

  5. ublock v1.28.2

    gorhill released this

    Jul 11, 2020

    Changes:

    Both stock malware domain lists, which are enabled by default in uBO, have been replaced by URLhaus Malicious URL blocklist, which is now enabled by default in uBO.

    For existing installations, both removed malware lists will be moved to the Custom section if you still have them enabled. It is recommended you remove these lists from your Custom lists -- only you can do this, uBO does not remove lists which are currently enabled. It may take a few days before you are updated with the new default stock lists.

    Closed as fixed:

  6. ublock v1.28.0

    gorhill released this

    Jun 30, 2020

    Changes:

    ##script:inject(...), which has been deprecated in favor of ##+js(...) for more than two years, is no longer supported.

    It's no longer possible to point-and-click to create allow (green) rules from within the popup panel by default. This change is motivated by seeing way too many cases of improper usage of dynamic filtering in which users are creating allow (green) rules where noop (gray) rules should have been used. You can get back temporarily the ability to create allow rules from within the popup panel by tapping twice the Ctrl key.

    Improved syntax highlighting of static filters in "My filters" and asset viewer. Additionally, in "My filters":

    • Ability to toggle commenting out of filter(s) by pressing the Tab key
    • Auto-completion using Ctrl-Space, this works for:
      • Static filter options
      • Resource names for redirect= option
      • Procedural operators for cosmetic/HTML filters
      • Scriptlet names for ##+js filters

    Closed as fixed:

    Chromium 65

    Chromium

    Core

    Notable commits with no entry in issue tracker:

  7. ff v78.0 esr -> new ESR-Line

    30. june 2020

    New

    • Some of the highlights of the new Extended Support Release are:

      • Kiosk mode
      • Client certificates
      • Service Worker and Push APIs are now enabled
      • The Block Autoplay feature is enabled
      • Picture-in-picture support
      • View and manage web certificates in about:certificate

      For more information about what's new in the Firefox 78 ESR release, see the more detailed release notes at support.mozilla.org.

     

    Developer

×
×
  • Create New...