Palemoon in debian

If none of the more specific forums is the right place to ask

Re: Palemoon in debian

Postby Head_on_a_Stick » 2018-09-30 10:32

debiman wrote:can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?

https://www.cvedetails.com/vulnerabilit ... links.html
User avatar
Head_on_a_Stick
 
Posts: 8012
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Palemoon in debian

Postby pcalvert » 2018-09-30 18:34

If you're going to use a web browser (installed from a Debian repository) other than Chromium or Firefox, it would probably be a good idea to sandbox it using Firejail.

Phil
“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
pcalvert
 
Posts: 1799
Joined: 2006-04-21 11:19
Location: Sol Sector

Re: Palemoon in debian

Postby bw123 » 2018-09-30 19:16

Head_on_a_Stick wrote:
debiman wrote:can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?

https://www.cvedetails.com/vulnerabilit ... links.html

links ver is at 2.14 in stretch, elinks is at 0.12~pre6-12 so none of those seem active?

Is palemoon vulnerable to mozilla's cve?
https://www.cvedetails.com/vulnerabilit ... zilla.html
User avatar
bw123
 
Posts: 3414
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Palemoon in debian

Postby bentHnau » 2018-09-30 19:29

sayansg wrote:Is there any way to install palemoon in debian?

I'm a big fan of palemoon. It's a great deal faster and less resource intensive than firefox, especially on older hardware. Is there any reason why it isn't in debian repo? Is there any security concerns? I found a workaround, a repo in opensuse by steve. What about add-ons? Are they safe to install?

I'm asking this because I see several mediocre web browsers(like netsurf) in debian repo but no palemoon.

As an alternative to installation, I have simply run it from the download folder, but I'd rather not use something that isn't in the Debian main repos. I don't consider any Firefox-type addons to be safe. FYI, if you are a NoScript fan, it has been marked unsafe (or something, I can't remember the exact wording) in Palemoon and users can no longer receive support for it.
Debian Stretch x64 on a Dell XPS 17 laptop
bentHnau
 
Posts: 120
Joined: 2014-01-07 01:43
Location: California

Re: Palemoon in debian

Postby debiman » 2018-10-01 06:11

Head_on_a_Stick wrote:
debiman wrote:can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?

https://www.cvedetails.com/vulnerabilit ... links.html

interesting.
does it say when or if those are fixed? i could not find this information.
also, it says "Gained Access Level: None" except for one, that says a local user can gain user access - so not from the internet afaics.
and: 7 vulnerabilites in 15 years - i bet it looks very different for something like firefox:
https://www.cvedetails.com/vulnerabilit ... refox.html
hint: look for descriptions like "script to execute". the word "script" isn't found anywhere on the elinks page.
this was my initial argument.
User avatar
debiman
 
Posts: 2927
Joined: 2013-03-12 07:18

Re: Palemoon in debian

Postby Head_on_a_Stick » 2018-10-01 07:47

^ Not sure, tbh, I just posted the link in the hope you would do some digging :mrgreen:
User avatar
Head_on_a_Stick
 
Posts: 8012
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Palemoon in debian

Postby bentHnau » 2018-10-01 15:59

debiman wrote:and: 7 vulnerabilites in 15 years - i bet it looks very different for something like firefox:
https://www.cvedetails.com/vulnerabilit ... refox.html

The fewer vulnerabilities found is also related to the smaller number of people using/testing/targeting those text-based/javascript-less browsers (in addition to the number of actual security issues each one has).
Debian Stretch x64 on a Dell XPS 17 laptop
bentHnau
 
Posts: 120
Joined: 2014-01-07 01:43
Location: California

Re: Palemoon in debian

Postby debiman » 2018-10-01 16:20

how can my computer be open to attack through the browser without client-side scripting?
i don't think it can, but please tell me how if i'm wrong.

i understand that there's other forms of vulnerabilities - vulnerabilities to the data transmitted.
but vulnerabilites to the operating- and filesystem running the browser?
without the option to execute scripts transmitted from the originating site?
User avatar
debiman
 
Posts: 2927
Joined: 2013-03-12 07:18

Previous

Return to General Questions

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable