General :  K-Meleon Forum
General discussion about K-Meleon. 
GRE version and security issues
Posted by: jmillar
Date: September 01, 2012 04:09PM

I've been a longtime enthusiast of Kmeleon and used it until the 1.9.2.28 GRE had run its course. When KM no longer could use Frirefox derived GRE I sadly switched to FF, bloat and all.
It surprises me a bit that development work is focused on the 1.9.1.x platform.
Wasn't that supposed to be a dead end? Is it vulnerable? Is it safe based in 'security through obscurity'? To a bug or exploit KM is undistinguishable from FF. It's got a 'mozilla heartbeat'.

It surprises me that work is still going on on a supposedly vulnerable platform: 1.9.1.x. Is B2dot4 safe for daily use? Is it just a development version leading to a more solid and reassuring future? Is it suitable for normal use without courting disaster?

I was hoping Dorian and others to have come up with a re-engineered K-meleon built on the more recent mozilla GRE and about a year ago things seemed to be moving in that direction. What happened? Can Mozilla, as it stands be used as a daily browser?

Should I use it within a sandbox such as sandboxie? Will that provide me with the security I need? Right now I hit the stops at 1.7 and 1.9.2.28, (which runs great and is very stable, but supposedly vulnerable) and find it surprising that current development is based on 1.6 and 1-9.1.x. Why?

Thanks fellas! lets not let the critter die. Unfortunately I'm not a coder.

Options: ReplyQuote
Re: GRE version and security issues
Posted by: JamesD
Date: September 02, 2012 01:06AM

Quote
Jmillar
It surprises me that work is still going on on a supposedly vulnerable platform: 1.9.1.x. Is B2dot4 safe for daily use? Is it just a development version leading to a more solid and reassuring future? Is it suitable for normal use without courting disaster?

I put together beta 2.4 version. I picked that one over the KM 1.7 because the history worked. It has slightly newer version Gecko engine than the original KM 1.6 beta version. I am not a coder. I just put together pieces which were made available to me by others. The privacy DLL was recompiled and works better than the original. I was told the actual code did not change.

You are right that the engine is well past its end of cycle time. Mozilla does not any longer produce a Microsoft Foundation Class version of their Gecko engine. Unless we can find a coder who can make a MFC version of a current Gecko engine, I do not see any way forward.

I have not been plagued with malware using Beta 2.4, but that may be more a function of how I surf the net than the browser in use. I do use Policy Manager and my default is Javascript off. I find, more and more, that I have to send certain pages to IE now because the site is using HTML 5 code.

Options: ReplyQuote


K-Meleon forum is powered by Phorum.