LandzDown Forum

Security => Security Alerts & Briefings => Topic started by: Corrine on November 07, 2017, 12:13:16 PM

Title: Pale Moon Version 27.6.0 Released with Security Updates
Post by: Corrine on November 07, 2017, 12:13:16 PM
Pale Moon has been updated to Version 27.6.0. This is a major development update. Details are available in the Release Notes (http://www.palemoon.org/releasenotes.shtml).

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: Digerati on November 07, 2017, 01:41:44 PM
Sadly, all those changes did not fix the problem I am having since enabling in Windows Defender, the new anti-ransomware feature that came in the Fall Creators Update. Pale Moon is being blocked from making unauthorized changes to my users\me\desktop folder. This is being triggered by "Controlled folder access (http://www.zdnet.com/article/windows-10-tip-turn-on-the-new-anti-ransomware-features-in-the-fall-creators-update/)".

I can add Pale Moon manually, but I was hoping the natural progress of things would take care of it. I guess PM needs to become more popular.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: Corrine on November 07, 2017, 04:44:23 PM
I agree and because I do prefer Pale Moon for everyday usage added it manually.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: Corrine on November 07, 2017, 05:29:20 PM
For what its worth, I asked Amitai Rotten, a Product Manager working on Windows Defender via Twitter:

Quote
@AmitaiTechie Is there a procedure for submitting programs for white-listing in Controlled folder access? 1/2
Quote
@AmitaiTechie Users are disabling Controlled folder access rather than adding exception for @palemoonbrowser 2/2
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: plodr on November 07, 2017, 05:55:26 PM
Windows 7: reading about the font issue concerns me. So far, I have not updated to 27.6.0.
I went in search of the fix and have both the x86 and x64 versions downloaded just in case I have problems. I might head to the Palemoon forum and see if there are any threads dealing with this possible issue.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: Corrine on November 07, 2017, 06:23:51 PM
Follow-up Re:  Pale Moon and "Controlled folder access":  Received reply from Amital Rottem with information submitting as f/p and to provide him with the submission ID, indicating he would look into it.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: Digerati on November 08, 2017, 12:54:02 PM
Quote
Follow-up Re:  Pale Moon and "Controlled folder access":  Received reply from Amital Rottem with information submitting as f/p and to provide him with the submission ID, indicating he would look into it.
Thanks for this Corrine.

That would be decent if there is a procedure to have legit programs whitelisted. That said, I can see how that could create a manpower issue for MS trying to keep up with it. Still, surely there are 1000s (millions?) of hits on MS sites everyday by PM users so it should not be hard for MS to determine if PM (or any browser) is legit.

FWIW, I have not seen any font issues.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: Corrine on November 08, 2017, 02:22:43 PM
BTW, Amital also referred to Add additional folders and apps to be protected by Windows 10 | Microsoft Docs (https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard), which includes instructions on how to manually white list programs you know to be safe that haven't been white listed by Windows Defender.  Included is PowerShell but the easiest method is to "Use the Windows Defender Security app to whitelist specific apps". 
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: Digerati on November 08, 2017, 02:51:29 PM
Quote
but the easiest method is to "Use the Windows Defender Security app to whitelist specific apps". 
It is not hard but not sure I would call it easy just based on the number of steps needed to add a program.

Now the number of steps are less if you catch the first warning popup, but still, it would be nice if the warning contained the necessary filepath to the executable. 

Having said all that, ultimately this is making Windows Defender even more formidable. :) A very good thing and if I were a competing anti-malware solution, I would be concerned - and rightfully so.

Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: plodr on November 10, 2017, 01:57:52 PM
I saw my first font issue today.

I updated the four Win 7 computers a few days ago and saw nothing amiss.

Today I was reading a PM and the degree symbol appeared as a black diamond with a white question mark inside.
I fired up Firefox and Vivaldi and the degree symbol appeared normal in those.
I'm not ready to install an optional KB patch just yet.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: plodr on November 10, 2017, 02:18:34 PM
Since I can no longer edit my post, I'm adding additional information.
If I go to View, Character encoding, and change from Unicode to Western, things display properly.

I'm now trying to determine how to make Western the default because I have to make this change on a page by page basis and it doesn't "remember" what I've selected.

Perhaps I can just fix my issue by changing the character encoding only on pages where I might see some strange unicode character.
This is what I see. https://en.wikipedia.org/wiki/File:Replacement_character.svg
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: Digerati on November 10, 2017, 02:25:49 PM
°

Hmmm, the degree symbol looks right there.

Ω
£
±
µ


So do Ohm, pound, plus and minus, micro and Euro - at least on this site.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: plodr on November 10, 2017, 08:14:32 PM
Yup, they all appear the way they should.

I found out after the fact, the person sending the email did something different to get the degree symbol.
When I use my two alt + 248 and alt + 0176 using the numbers on the keypad, the degree appears correctly.
Voila °  and °

I'm glad I'm a slow mover and did not install the fix as posted on the Palemoon site.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: satrow on November 10, 2017, 09:00:35 PM
The old Platform update font/graphics corruptions that I witnessed were not as simple as a wrong/missing font, most were obvious corruptions in D2D, fonts were garbled, went missing during scrolling, odd lines appeared across part of the Desktop, some caused extra CPU kernel activity on scrolling too, so it had a performance hit you could feel. PM, IE, Notepad and the Desktop were all affected occasionally/unpredictably.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: Digerati on November 11, 2017, 12:16:04 PM
Quote
PM, IE, Notepad and the Desktop were all affected occasionally/unpredictably.
Which would suggest it had nothing to do with PM.
Title: Re: Pale Moon Version 27.6.0 Released with Security Updates
Post by: satrow on November 11, 2017, 08:24:50 PM
Correct, absolutely nothing to do with Pale Moon but everything to do with @plodr's quandary about font corruption vs the Platform update.
Title: Pale Moon Version 27.6.1 Released
Post by: Corrine on November 15, 2017, 10:55:15 AM
Pale Moon version 27.6.1 has been released.  The update has minor bug fixes. 

Release Notes (https://forum.palemoon.org/viewtopic.php?f=1&t=17356&sid=945c4628cbf32a5f65b799696dbaf29d)