Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Palemoon in debian
Palemoon in debian
Is there any way to install palemoon in debian?
I'm a big fan of palemoon. It's a great deal faster and less resource intensive than firefox, especially on older hardware. Is there any reason why it isn't in debian repo? Is there any security concerns? I found a workaround, a repo in opensuse by steve. What about add-ons? Are they safe to install?
I'm asking this because I see several mediocre web browsers(like netsurf) in debian repo but no palemoon.
I'm a big fan of palemoon. It's a great deal faster and less resource intensive than firefox, especially on older hardware. Is there any reason why it isn't in debian repo? Is there any security concerns? I found a workaround, a repo in opensuse by steve. What about add-ons? Are they safe to install?
I'm asking this because I see several mediocre web browsers(like netsurf) in debian repo but no palemoon.
-
- Posts: 1101
- Joined: 2016-01-07 12:25
- Has thanked: 5 times
- Been thanked: 16 times
Re: Palemoon in debian
I use Palemoon and find it quite good and add-ons can be used usually without issue but as with any software you install you should check it out first, I followed the palemoon website instructions to install it on my system and everything went smoothly.
Re: Palemoon in debian
Same here, I've been using Pale Moon in Debian Stretch. My preferred approach: I simply downloaded the tarball, extracted it to /opt, and ran the chown command as shown in this thread: https://forum.palemoon.org/viewtopic.php?f=37&t=19828
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: Palemoon in debian
Obviously, you know there is ways to install it:
https://lists.debian.org/debian-project ... 00016.html
https://www.cvedetails.com/vulnerabilit ... emoon.html
But you really should read some of the other results, using those keywords, there seem to be some, depending on your system, that you did not bother to give any details for.
Honestly, why don't you just read the Palemoon FAQ, and since you have so many questions about Palemoon, sign up to their forum and asks these questions there ?
https://www.palemoon.org/faq.shtml
====================
https://forum.palemoon.org/index.php
You are asking this, because you just did not want to do your own searches, I guess, or maybe there are other motives, ? Like telling us the other browsers are "mediocre", ? And you think Debian should include Palemoon in the repositories ?
I found a workaround, a repo in opensuse by steve.
A little more search foo: Keywords:sayansg » Is there any reason why it isn't in debian repo?
Code: Select all
Why is Palemoon not in the Debian repositories
Key Words:sayansg »Is there any security concerns?
Code: Select all
Is there any security concerns for Palemoon
But you really should read some of the other results, using those keywords, there seem to be some, depending on your system, that you did not bother to give any details for.
by sayansg » What about add-ons? Are they safe to install?
Code: Select all
What about addons and plugins on Palemoon , are they safe ?
https://www.palemoon.org/faq.shtml
====================
https://forum.palemoon.org/index.php
The browsers you call "mediocre", in YOUR opinion only, are good browsers, and those are what Debian has in their repositories, because those are ones that are acceptable for Debian, and their packaging policy.I'm asking this because---- snip---
You are asking this, because you just did not want to do your own searches, I guess, or maybe there are other motives, ? Like telling us the other browsers are "mediocre", ? And you think Debian should include Palemoon in the repositories ?
"What we expect you have already Done"
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
Re: Palemoon in debian
My Dear Garry,
I did not have any ulterior motive for asking the questions that I asked. They were honest questions, but admittedly ones asked without doing any searches in the forum first.
I did not have any ulterior motive for asking the questions that I asked. They were honest questions, but admittedly ones asked without doing any searches in the forum first.
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: Palemoon in debian
No problem, Oh, and on the security issues, I noticed something mentioned, but seems to be if it is a non-systemd system, I did not look at the details.
"What we expect you have already Done"
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
Re: Palemoon in debian
The browsers in the main repo are free, including source code, and their licenses all allow you to alter and redistribute them. Debian has made a promise to remain 100% free https://www.debian.org/social_contract even though the distribution can work with software that is non-free.sayansg wrote:Is there any way to install palemoon in debian?
I'm a big fan of palemoon. It's a great deal faster and less resource intensive than firefox, especially on older hardware. Is there any reason why it isn't in debian repo? Is there any security concerns? I found a workaround, a repo in opensuse by steve. What about add-ons? Are they safe to install?
I'm asking this because I see several mediocre web browsers(like netsurf) in debian repo but no palemoon.
https://www.palemoon.org/redist.shtml
Debian has a security team for the repo. I don't know how palemoon handles it. That is a good question though, and something to consider when installing binaries from outside of Debian repositories.
https://wiki.debian.org/Teams/Security
resigned by AI ChatGPT
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: Palemoon in debian
Pale Moon has some restrictions on the trademarked name that building it from source against system versions of libraries like libnspr4 and libnss3 per Debian policy would violate. My repo has Pale Moon build and use its internal versions of those libraries instead, so I can use the official branding.
However, Debian would be allowed to build it the Debian way if they used a different package name and graphics, such as the suggested "New Moon", and alternate unofficial graphics are already included in the source. I did it as an experiment once, and it wasn't that difficult to switch it over to that name. Debian would then be free to change the build configuration and patch it as much as they want. I believe that the official version only supports i386 and amd64 builds, and Debian would need to patch the source to get it to build on the other architectures that Debian would want to provide packages for. So that situation is much the same as with Mozilla and Firefox builds.
Pale Moon will also crash if you're using your distro's version of the oxygen-gtk GTK 2 theme, since that theme doesn't know anything about Pale Moon. I have a patched version in my OBS that adds it and "newmoon" to the list of Mozilla-type apps for which it does a crash-preventative workaround--Debian would have to do the same if they added New Moon.
As for addons, I'm pretty sure the ones approved by Pale Moon are going to be OK. You should be able to install older XUL-based ones like Flashgot from the vetted Mozilla Web store, too--at least it works fine for most sites on my install.
However, Debian would be allowed to build it the Debian way if they used a different package name and graphics, such as the suggested "New Moon", and alternate unofficial graphics are already included in the source. I did it as an experiment once, and it wasn't that difficult to switch it over to that name. Debian would then be free to change the build configuration and patch it as much as they want. I believe that the official version only supports i386 and amd64 builds, and Debian would need to patch the source to get it to build on the other architectures that Debian would want to provide packages for. So that situation is much the same as with Mozilla and Firefox builds.
Pale Moon will also crash if you're using your distro's version of the oxygen-gtk GTK 2 theme, since that theme doesn't know anything about Pale Moon. I have a patched version in my OBS that adds it and "newmoon" to the list of Mozilla-type apps for which it does a crash-preventative workaround--Debian would have to do the same if they added New Moon.
As for addons, I'm pretty sure the ones approved by Pale Moon are going to be OK. You should be able to install older XUL-based ones like Flashgot from the vetted Mozilla Web store, too--at least it works fine for most sites on my install.
MX Linux packager and developer
Re: Palemoon in debian
this seems to be causing some confusion.sayansg wrote:I found a workaround, a repo in opensuse by steve.
steve pusser's debian repos are debian repos, even if they are hosted on an opensuse site.
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: Palemoon in debian
Yes, I also have the OBS build Ubuntu packages from one source code upload: https://build.opensuse.org/package/show ... r/palemoon
If I knew how, I could also have it build Arch, SUSE, Fedora, and many other distro packages, like the SMPlayer developer does: https://build.opensuse.org/package/show ... v/smplayer
If I knew how, I could also have it build Arch, SUSE, Fedora, and many other distro packages, like the SMPlayer developer does: https://build.opensuse.org/package/show ... v/smplayer
MX Linux packager and developer
Re: Palemoon in debian
Thanks a lot steve.
I installed palemoon 28.1.0 32-bit from the opensuse site following your directions as mentioned in palemoon forum. Great software.
Only had one slight problem. The preference menu items were static. But as suggested by someone in mx linux from, I think, I changed animatefadein to true and the issue was resolved.
Thanks for making palemoon work on debian. It's fast as ever and has a good collection of add-ons.
Cheers.
I installed palemoon 28.1.0 32-bit from the opensuse site following your directions as mentioned in palemoon forum. Great software.
Only had one slight problem. The preference menu items were static. But as suggested by someone in mx linux from, I think, I changed animatefadein to true and the issue was resolved.
Thanks for making palemoon work on debian. It's fast as ever and has a good collection of add-ons.
Cheers.
-
- Posts: 1939
- Joined: 2006-04-21 11:19
- Location: Sol Sector
- Has thanked: 1 time
- Been thanked: 2 times
Re: Palemoon in debian
One thing to keep in mind about the more obscure web browsers, like NetSurf, is that they never receive any security updates. According to what I read, in Debian stable only Chromium and Firefox receive security updates. I like NetSurf because it opens very quickly, but because it doesn't receive security updates I only use it to perform a periodic quick check of a particular website that I trust.GarryRicketson wrote: The browsers you call "mediocre", in YOUR opinion only, are good browsers, and those are what Debian has in their repositories, because those are ones that are acceptable for Debian, and their packaging policy.
Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.
Re: Palemoon in debian
^ not sure, but i think most if not all security vulnerabilities are tied to javascript (or other forms of client-side scripting).
since these "small" browsers (*) do not support javascript (or other forms of client-side scripting) at all (with the exception of netsurf) one might consider them "unhackable", no?
(*) meaning dillo, w3m, links etc.
NOT falkon, surf, dwb, etc. otoh, if those are built around a constantly updated web engine, they are inherently as safe as that engine.
problem is, they often require special builds of those web engines, which are then not updated so often.
it's a mess.
since these "small" browsers (*) do not support javascript (or other forms of client-side scripting) at all (with the exception of netsurf) one might consider them "unhackable", no?
(*) meaning dillo, w3m, links etc.
NOT falkon, surf, dwb, etc. otoh, if those are built around a constantly updated web engine, they are inherently as safe as that engine.
problem is, they often require special builds of those web engines, which are then not updated so often.
it's a mess.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Palemoon in debian
No, the vulnerabilities are because of the outdated webkit libraries supplied with Debian stable:debiman wrote:^ not sure, but i think most if not all security vulnerabilities are tied to javascript (or other forms of client-side scripting).
https://www.debian.org/releases/stable/ ... r-security
deadbang
Re: Palemoon in debian
^ yes yes i have seen that many times.
it does not contradict what i asked.
i am really not sure myself about this, but what vulnerabilites can there be without client-side scripting?
in other words, can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?
it does not contradict what i asked.
i am really not sure myself about this, but what vulnerabilites can there be without client-side scripting?
in other words, can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Palemoon in debian
https://www.cvedetails.com/vulnerabilit ... links.htmldebiman wrote:can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?
deadbang
-
- Posts: 1939
- Joined: 2006-04-21 11:19
- Location: Sol Sector
- Has thanked: 1 time
- Been thanked: 2 times
Re: Palemoon in debian
If you're going to use a web browser (installed from a Debian repository) other than Chromium or Firefox, it would probably be a good idea to sandbox it using Firejail.
Phil
Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.
Re: Palemoon in debian
links ver is at 2.14 in stretch, elinks is at 0.12~pre6-12 so none of those seem active?Head_on_a_Stick wrote:https://www.cvedetails.com/vulnerabilit ... links.htmldebiman wrote:can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?
Is palemoon vulnerable to mozilla's cve?
https://www.cvedetails.com/vulnerabilit ... zilla.html
resigned by AI ChatGPT
Re: Palemoon in debian
As an alternative to installation, I have simply run it from the download folder, but I'd rather not use something that isn't in the Debian main repos. I don't consider any Firefox-type addons to be safe. FYI, if you are a NoScript fan, it has been marked unsafe (or something, I can't remember the exact wording) in Palemoon and users can no longer receive support for it.sayansg wrote:Is there any way to install palemoon in debian?
I'm a big fan of palemoon. It's a great deal faster and less resource intensive than firefox, especially on older hardware. Is there any reason why it isn't in debian repo? Is there any security concerns? I found a workaround, a repo in opensuse by steve. What about add-ons? Are they safe to install?
I'm asking this because I see several mediocre web browsers(like netsurf) in debian repo but no palemoon.
Re: Palemoon in debian
interesting.Head_on_a_Stick wrote:https://www.cvedetails.com/vulnerabilit ... links.htmldebiman wrote:can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?
does it say when or if those are fixed? i could not find this information.
also, it says "Gained Access Level: None" except for one, that says a local user can gain user access - so not from the internet afaics.
and: 7 vulnerabilites in 15 years - i bet it looks very different for something like firefox:
https://www.cvedetails.com/vulnerabilit ... refox.html
hint: look for descriptions like "script to execute". the word "script" isn't found anywhere on the elinks page.
this was my initial argument.