Palemoon in debian

[Head_on_a_Stick]

can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?

https://www.cvedetails.com/vulnerabilit ... links.html

[pcalvert]

If you're going to use a web browser (installed from a Debian repository) other than Chromium or Firefox, it would probably be a good idea to sandbox it using Firejail.

Phil

[bw123]

can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?

https://www.cvedetails.com/vulnerabilit ... links.html

links ver is at 2.14 in stretch, elinks is at 0.12~pre6-12 so none of those seem active?

Is palemoon vulnerable to mozilla's cve?
https://www.cvedetails.com/vulnerabilit ... zilla.html

[bentHnau]

Is there any way to install palemoon in debian?

I'm a big fan of palemoon. It's a great deal faster and less resource intensive than firefox, especially on older hardware. Is there any reason why it isn't in debian repo? Is there any security concerns? I found a workaround, a repo in opensuse by steve. What about add-ons? Are they safe to install?

I'm asking this because I see several mediocre web browsers(like netsurf) in debian repo but no palemoon.

As an alternative to installation, I have simply run it from the download folder, but I'd rather not use something that isn't in the Debian main repos. I don't consider any Firefox-type addons to be safe. FYI, if you are a NoScript fan, it has been marked unsafe (or something, I can't remember the exact wording) in Palemoon and users can no longer receive support for it.

[debiman]

can a browser like links or w3m be vulnerable, i.e. used as an attack vector on the system? how and to what extent?

https://www.cvedetails.com/vulnerabilit ... links.html

interesting.
does it say when or if those are fixed? i could not find this information.
also, it says "Gained Access Level: None" except for one, that says a local user can gain user access - so not from the internet afaics.
and: 7 vulnerabilites in 15 years - i bet it looks very different for something like firefox:
https://www.cvedetails.com/vulnerabilit ... refox.html
hint: look for descriptions like "script to execute". the word "script" isn't found anywhere on the elinks page.
this was my initial argument.

[Head_on_a_Stick]

^ Not sure, tbh, I just posted the link in the hope you would do some digging

[bentHnau]

and: 7 vulnerabilites in 15 years - i bet it looks very different for something like firefox:
https://www.cvedetails.com/vulnerabilit ... refox.html

The fewer vulnerabilities found is also related to the smaller number of people using/testing/targeting those text-based/javascript-less browsers (in addition to the number of actual security issues each one has).

[debiman]

how can my computer be open to attack through the browser without client-side scripting?
i don't think it can, but please tell me how if i'm wrong.

i understand that there's other forms of vulnerabilities - vulnerabilities to the data transmitted.
but vulnerabilites to the operating- and filesystem running the browser?
without the option to execute scripts transmitted from the originating site?

[MagicPoulp]

Why do you want to use Palemoon?

Is there anything you can do in Pale Moon that you cannot with Firefox?

If it is about speed, Frefox Quantum has made Firefox much faster than before.

[anticapitalista]

Why do you want to use Palemoon?

Is there anything you can do in Pale Moon that you cannot with Firefox?

If it is about speed, Frefox Quantum has made Firefox much faster than before.

Maybe it is down to RAM usage.

Code: Select all

pmem
 Private  +   Shared  =  RAM used	Program

338.5 MiB +   4.6 MiB = 343.1 MiB	palemoon
486.5 MiB +  89.6 MiB = 576.2 MiB	firefox-esr (5)

[NorthEast]

Is there anything you can do in Pale Moon that you cannot with Firefox?

firefox won't add on an ad blocker, but palemoon is fine with one. This is on debian testing.

[stevepusser]

Is there anything you can do in Pale Moon that you cannot with Firefox?

firefox won't add on an ad blocker, but palemoon is fine with one. This is on debian testing.

What? uBlock Origin works fine with FF 63.0.3 for me.

[None1975]

firefox won't add on an ad blocker, but palemoon is fine with one.

You can use NoScript.

[Bulkley]

Why do you want to use Palemoon?

Of all the browsers that I have tried, Palemoon is the most easily configured to the way I want it. Firefox and Chrome are impossibly rigid in some of their aspects. For example, try placing the address bar and menu components on top, bookmarks on the second line and tabs on the third; easily done on Palemoon, impossible on Firefox or Chrome.

[NorthEast]

Is there anything you can do in Pale Moon that you cannot with Firefox?

firefox won't add on an ad blocker, but palemoon is fine with one. This is on debian testing.

What? uBlock Origin works fine with FF 63.0.3 for me.

Hello stevepusser,

Your "What?" suggested that the non-adding on of an adblocker is hardly believable. I guess your experience would support that. Alas, I have not been able to add any adblocker to firefox after following my nose through the steps: GetAddons>FindMoreAddons>AdBlockers>{click on any adblocker}. Then I choose one, and hit "Add to Firefox", but nothing happens and no adding-on is made. That's it. In the distant past I have been able to add an adblocker xpi file to firefox by downloading that file separately, and clicking on an option in firefox to do the adding-on of that xpi file, which worked then, but I can't see how to do that from the gui interface now. Current version: 60.3.0esr-1. I am certainly open to suggestions, but meanwhile Palemoon has been good for me.

[NorthEast]

firefox won't add on an ad blocker, but palemoon is fine with one.

You can use NoScript.

Thanks for that one ... I shall look into seeing if it can do what I'd like it to.

[4D696B65]

[ I have not been able to add any adblocker to firefox after following my nose through the steps: GetAddons>FindMoreAddons>AdBlockers>{click on any adblocker}. Then I choose one, and hit "Add to Firefox", but nothing happens and no adding-on is made. That's it. In the distant past I have been able to add an adblocker xpi file to firefox by downloading that file separately, and clicking on an option in firefox to do the adding-on of that xpi file, which worked then, but I can't see how to do that from the gui interface now. Current version: 60.3.0esr-1. I am certainly open to suggestions, but meanwhile Palemoon has been good for me.

https://packages.debian.org/stretch/xul ... ock-origin

[Head_on_a_Stick]

https://packages.debian.org/stretch/xul ... ock-origin

Ah, that's a transitional package — Debian have moved from the xul-ext-* packages to webext-* instead:

https://packages.debian.org/stretch/web ... ock-origin

Good news indeed!