Recent posts

#1
Pale Moon has been updated to version 33.4.0.  This is a development and security update. 

Changes/fixes:
  • Introduced the "ghostbuster" concept; this is an automated internal mechanism to attempt cleanup of particularly problematic web content after a tab or window is closed. See implementation notes.
  • Added support for the PROT_MPROTECT security feature on targets that use it (notably PaX and NetBSD).
  • Implemented preferences to give the user control over the Same-Origin Policy (SOP) and CORS preflight. See implementation notes.
  • Improved buildability on NetBSD and Altivec architectures.
  • Fixed building issues on Apple Silicon Mac with XCode 16.
  • Added workarounds for non-standard MSE/WebM/VPx encoding on YouTube that could cause video buffering and halting issues.
  • Dev: Changed the default credentials mode for module scripts from 'omit' to 'same-origin', aligning with mainstream.
  • Dev: Implemented getTransform and setTransform with DOMMatrix arguments.
  • Dev: Implemented ES2023 Hashbang grammar proposal.
  • Fixed an issue with JavaScript's StructuredClone.
  • Security issues addressed: CVE-2024-9396.
  • Rejected: CVE-2024-9398 (properly informing the user about attempts to use unhandled protocols by web pages is considered more important than potential determination whether a handler for such a protocol is installed)

Implementation notes:
  • When very complex "modern" websites get closed by the user, it is possible that the browser is unable to properly release all the resources attached to it, especially those resources, modules and scripts that were part of Shadow DOM or complex interlinked module scripts. This can then result in "detached" web content and scripts that continue to use memory, have active event listeners and loaded scripts. Mainstream browsers are less affected by this as their multi-process setups will effectively "throw the baby out with the bath water" by simply killing the relevant content process. Since we don't have that luxury of a lazy solution to an architectural problem, we need to handle these so-called "ghost windows" resulting from this problem internally without restarting the browser process. This version of Pale Moon introduces the "ghostbuster" concept to try and address this: an automated, internal mechanism that periodically checks for the existence of ghost windows and severs links of them, so that garbage/cycle collection can come in afterwards and release the resources, hopefully preventing browser slowdowns and inflated memory usage over time. If this, for some reason, causes issues for you, you can disable the ghostbuster by setting the preference browser.ghostbuster.enabled to false. Also please report (in detail) on the forum about the issue you're having if flipping this preference to false resolves it, so we can look into improving this new feature.
  • By user request, primarily for advanced power users who need this for their local setups, 2 new preferences were introduced to control how the browser deals with same-origin and CORS.
    • security.same_origin_policy.enabled, when set to false, will completely disable checking if scripts are allowed to be loaded based on the same-origin policy. Security warning: this is a really bad idea on the open web and you should never blanket disable the Same-Origin Policy check in a web browser for normal use.
    • content.cors.bypass_preflight_request, when set to true, will no longer send CORS preflight requests or check preflight responses and always allow cross-origin requests. Note that this kind of request is normally only made if sending a request to a server might result in data changes server-side (e.g. POST). This preference only does something when CORS is already disabled; provided primarily for specific corner cases where CORS is disabled and preflight checks (providing an extra safety net for server data) need to be shut off too.
    There are dragons hiding in these two preferences. Please handle them responsibly.

*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
#2
Browser Guard will now send helpful notifications to users when they visit a website belonging to a company that has suffered a proven data breach in the past 90 days, perhaps warning users about recent data breaches they never heard about.
(Browser Guard will not send repeat notifications that pester return users.)

Browser Guard is also making it easier to stay private online by automatically opting users out of data collection performed by tracking cookies that are littered across the internet, with no extra effort required on users' behalf...  "cookie consent" forms will now be auto-rejected, thus requesting the site to honor the most privacy-preserving settings.

https://www.malwarebytes.com/blog/personal/2024/10/browser-guard-now-flags-data-breaches-and-better-protects-personal-data?


#3
Security Software Programs / Re: SpywareBlaster Updates
Last post by ky331 - October 06, 2024, 10:37:23 AM
SpywareBlaster database update 10/5/2024


 9 NEW items (IE/ActiveX)

11 NEW items (Edge/Scripts)

for a total of 19,312 items in database

After updating, be sure to manually enable all protection.
#4
Adobe is releasing an update with new features and bug fixes for Acrobat and Reader.

Update or Complete Download

Adobe Acrobat and Reader were updated to version 24.003.20180.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates. 

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes
#5
Announcing Windows 11 Insider Preview Build 26120.1930 (Dev Channel)

Changes and Improvements gradually being rolled out to the Dev Channel with toggle on

[General]
  • This update includes a small set of general improvements and fixes that improve the overall experience for Insiders running this build on their PCs.
[Fonts]
  • There is a new simplified Chinese font (Simsun-ExtG) with 9,753 ideographs supporting Unicode Extensions G, H and I. Included is the highly requested character for Biangbiang noodles. This character U+30EDD is said to be the most complicated Chinese character, as you can see in the image below. We are aware that some applications may not be able to display these new extension characters yet.
    • Unicode range G 30000-3134A (4,939 chars)
    • Unicode range H 31350-323AF (4,192 chars)
    • Unicode range I 2EBF0-2EE5D (622 chars)
[Windows Sandbox]
  • The new Windows Sandbox Client Preview that began rolling out with Build 26120.1843 should now be available to all Insiders in the Dev Channel.

Fixes gradually being rolled out to the Dev Channel with toggle on

[Other]
  • Fixed an issue for some Insiders with dual boot devices, where the boot menu (where you select which OS to boot into) wasn't displaying correctly (the color was wrong, and it might only display in half the available space).

Changes and Improvements gradually being rolled out to everyone in the Dev Channel

[Settings]
  • We are adding the ability to configure the Copilot key. You can choose to have the Copilot key launch an app that is MSIX packaged and signed, thus indicating the app meets security and privacy requirements to keep customers safe. The key will continue to launch Copilot on devices that have the Copilot app installed until a customer selects a different experience. This setting can be found via Settings > Personalization > Text input. If the keyboard connected to your PC does not have a Copilot key, adjusting this setting will not do anything. We are planning further refinements to this experience in a future flight.
#6
Announcing Windows 11 Insider Preview Build 22635.4300 (Beta Channel)

Changes and Improvements gradually being rolled out to the Beta Channel with toggle on

[Start menu]
  • "All apps" is now just "All" on the Start menu. This change began rolling out with Build 22635.4291 earlier this week.
[Fonts]
  • There is a new simplified Chinese font (Simsun-ExtG) with 9,753 ideographs supporting Unicode Extensions G, H and I. Included is the highly requested character for Biangbiang noodles. This character U+30EDD is said to be the most complicated Chinese character, as you can see in the image below. We are aware that some applications may not be able to display these new extension characters yet.
    • Unicode range G 30000-3134A (4,939 chars)
    • Unicode range H 31350-323AF (4,192 chars)
    • Unicode range I 2EBF0-2EE5D (622 chars)
[Security]
  • Windows Search runs IFilters in the Less Privileged App Containers (LPAC). LPAC are like app containers, but they deny even more permissions by default. The intent is that a process running in a LPAC has access only to the resources needed by it. This model helps to minimize the potential damage that can be caused by a compromised process by limiting its access to sensitive system components and data.

Fixes gradually being rolled out to the Beta Channel with toggle on

[General]
  • Fixed a high hitting explorer.exe crash impacting Insiders while using your PC in the last few Beta Builds.
[File Explorer]
  • Fixed an issue which was causing the items in the navigation pane to become very spread out (with unexpected padding between each item) for some people.
#7
Dev Channel update to 131.0.2863.0 is live

Added Features:
  • Added a 'Restart' option in the Prism Collections setting toggle within the webui2 settings.
  • Introduced a '...' menu to the tab center.

Improved Behavior:
  • Resolved an issue where browser would crash when opening a new InPrivate tab from the app's contextual menu or widget on iOS.

Changed Behavior:
  • Resolved an issue where clicking on links sometimes opened them in the desktop browser instead of within Game Assist.
  • Resolved an issue where the stamp function could draw incomplete graphics directly on the border in screenshots.
  • Mac:
    • Resolved an issue where browser opens without FRE and becomes non-functional on Mac.
  • Android:
    • Fixed an issue where Talkback announced the 'x' button as 'unlabeled' in the 'Notifications' pane under the browser's Account Menu on Android.
    • Fixed an issue where the shopping UI remained visible on Android after being opened and the system's return button was pressed.
  • iOS:
    • Resolved an issue where the address bar on the NTP disappears in landscape mode on iOS.
    • Resolved an issue where the top sites names were misaligned on the ZIP page in iOS.
    • Fixed an issue where Top sites icons displayed abnormally when adding or removing top sites in split-screen mode on iOS.
    • Fixed an issue where the read aloud bar for online PDFs appeared on other pages in iOS.
    • Fixed an issue where Voiceover remained silent when loading search results on iOS.
#8
Web News / Re: Microsoft wants you to TAL...
Last post by winchester73 - October 03, 2024, 02:50:15 PM
Geesh
#9
Web News / Re: Microsoft wants you to TAL...
Last post by Corrine - October 03, 2024, 01:16:31 PM
I talk to myself enough and don't need to add talking to my computer. 😄
#10
Web News / Microsoft wants you to TALK wi...
Last post by ky331 - October 03, 2024, 11:36:28 AM
Dubbed Copilot Voice and available as part of Microsoft's latest Copilot AI platform update, the software feature is designed to let you speak directly to your PC and for it to talk back to you.


In addition to voice, Microsoft is working on a feature called Copilot Vision that will [eventually] allow Copilot to see what you're doing on your screen and answer questions and make suggestions based on the content you're viewing.


https://finance.yahoo.com/news/microsoft-wants-to-change-the-way-you-use-your-pc-it-needs-to-succeed-194226582.html