Palemoon in debian

If none of the more specific forums is the right place to ask

Re: Palemoon in debian

Postby Head_on_a_Stick » 2018-09-30 10:32

debiman wrote:can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?

https://www.cvedetails.com/vulnerabilit ... links.html
I suffer from depression and may lash out occasionally, try not to take it personally.
User avatar
Head_on_a_Stick
 
Posts: 8167
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Palemoon in debian

Postby pcalvert » 2018-09-30 18:34

If you're going to use a web browser (installed from a Debian repository) other than Chromium or Firefox, it would probably be a good idea to sandbox it using Firejail.

Phil
“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
pcalvert
 
Posts: 1802
Joined: 2006-04-21 11:19
Location: Sol Sector

Re: Palemoon in debian

Postby bw123 » 2018-09-30 19:16

Head_on_a_Stick wrote:
debiman wrote:can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?

https://www.cvedetails.com/vulnerabilit ... links.html

links ver is at 2.14 in stretch, elinks is at 0.12~pre6-12 so none of those seem active?

Is palemoon vulnerable to mozilla's cve?
https://www.cvedetails.com/vulnerabilit ... zilla.html
User avatar
bw123
 
Posts: 3517
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Palemoon in debian

Postby bentHnau » 2018-09-30 19:29

sayansg wrote:Is there any way to install palemoon in debian?

I'm a big fan of palemoon. It's a great deal faster and less resource intensive than firefox, especially on older hardware. Is there any reason why it isn't in debian repo? Is there any security concerns? I found a workaround, a repo in opensuse by steve. What about add-ons? Are they safe to install?

I'm asking this because I see several mediocre web browsers(like netsurf) in debian repo but no palemoon.

As an alternative to installation, I have simply run it from the download folder, but I'd rather not use something that isn't in the Debian main repos. I don't consider any Firefox-type addons to be safe. FYI, if you are a NoScript fan, it has been marked unsafe (or something, I can't remember the exact wording) in Palemoon and users can no longer receive support for it.
Debian Stretch x64 on a Dell XPS 17 laptop
bentHnau
 
Posts: 123
Joined: 2014-01-07 01:43
Location: California

Re: Palemoon in debian

Postby debiman » 2018-10-01 06:11

Head_on_a_Stick wrote:
debiman wrote:can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?

https://www.cvedetails.com/vulnerabilit ... links.html

interesting.
does it say when or if those are fixed? i could not find this information.
also, it says "Gained Access Level: None" except for one, that says a local user can gain user access - so not from the internet afaics.
and: 7 vulnerabilites in 15 years - i bet it looks very different for something like firefox:
https://www.cvedetails.com/vulnerabilit ... refox.html
hint: look for descriptions like "script to execute". the word "script" isn't found anywhere on the elinks page.
this was my initial argument.
User avatar
debiman
 
Posts: 3015
Joined: 2013-03-12 07:18

Re: Palemoon in debian

Postby Head_on_a_Stick » 2018-10-01 07:47

^ Not sure, tbh, I just posted the link in the hope you would do some digging :mrgreen:
I suffer from depression and may lash out occasionally, try not to take it personally.
User avatar
Head_on_a_Stick
 
Posts: 8167
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Palemoon in debian

Postby bentHnau » 2018-10-01 15:59

debiman wrote:and: 7 vulnerabilites in 15 years - i bet it looks very different for something like firefox:
https://www.cvedetails.com/vulnerabilit ... refox.html

The fewer vulnerabilities found is also related to the smaller number of people using/testing/targeting those text-based/javascript-less browsers (in addition to the number of actual security issues each one has).
Debian Stretch x64 on a Dell XPS 17 laptop
bentHnau
 
Posts: 123
Joined: 2014-01-07 01:43
Location: California

Re: Palemoon in debian

Postby debiman » 2018-10-01 16:20

how can my computer be open to attack through the browser without client-side scripting?
i don't think it can, but please tell me how if i'm wrong.

i understand that there's other forms of vulnerabilities - vulnerabilities to the data transmitted.
but vulnerabilites to the operating- and filesystem running the browser?
without the option to execute scripts transmitted from the originating site?
User avatar
debiman
 
Posts: 3015
Joined: 2013-03-12 07:18

Re: Palemoon in debian

Postby MagicPoulp » 2018-11-06 09:12

Why do you want to use Palemoon?

Is there anything you can do in Pale Moon that you cannot with Firefox?

If it is about speed, Frefox Quantum has made Firefox much faster than before.
MagicPoulp
 
Posts: 21
Joined: 2018-11-05 21:30

Re: Palemoon in debian

Postby anticapitalista » 2018-11-08 09:41

MagicPoulp wrote:Why do you want to use Palemoon?

Is there anything you can do in Pale Moon that you cannot with Firefox?

If it is about speed, Frefox Quantum has made Firefox much faster than before.


Maybe it is down to RAM usage.

Code: Select all
pmem
 Private  +   Shared  =  RAM used   Program

338.5 MiB +   4.6 MiB = 343.1 MiB   palemoon
486.5 MiB +  89.6 MiB = 576.2 MiB   firefox-esr (5)

antiX "Heather Heyer" - lean and mean.
http://antix.mepis.org
anticapitalista
 
Posts: 332
Joined: 2007-12-14 23:16

Previous

Return to General Questions

Who is online

Users browsing this forum: fred44nl and 2 guests

fashionable