Development :  K-Meleon Forum
K-Meleon development related discussions. 

Pages: 12345...LastNext
Current Page: 1 of 8
Results 1 - 30 of 240
5 weeks ago
gordon451
Interaction between a remote server and the clipboard is a security and privacy issue. I'd never allow it ... Yogi, what do I need to tweak (in Config??) to disable access to the clipboard? EDIT: Found it. I think. In about:config find dom.event.clipboardevents.enabled, and toggle it to false. This is supposed to prevent websites from hearing your bowsers' on-event signals. I do no
Forum: General
5 weeks ago
gordon451
No, probably not Gecko. I've just opened snag.gy, done what it said and saw the success. Having said that, it was quick and dirty as I did not open an account, so I was not logged in & etc. But it did work, see sig for sordid details. I only have pop-ups and Flash blocked, and my default UA string is <Mozilla Gecko rv:38.0 K-Meleon 76.0 20160503>. EDIT: update global UA to ref
Forum: General
6 weeks ago
gordon451
I mean custom build set up as close to max public privacy as possible. So we can make some 'mental junction' between KM and 'private solution' I'm with Yogi on this one. He correctly points out that "our browser" is recognisable, but our person is not. I agree that it may be possible to track my browser through a site where my personal details are (for whatever reason) visible,
Forum: Off-Topic
7 weeks ago
gordon451
<b>eDexter</b> update... Get eDexter 1.42 from HOSTSFILE.MINE.NU or go to HOSTSFILE.MINE.NU downloads directly.
Forum: Bugs
7 weeks ago
gordon451
Re-route in your HOSTS file to 0.0.0.0. The connection should be dropped instantly in this case. Actually Win8.1, and possibly Win10 also, need to have 0.0.0.0 in hosts because Microsoft altered their "TCP loopback interface" in Win8.1 :O (source: There's no place like 127.0.0.0) ... FF and KM kept waiting for a connection to Facebook ... You can fix that by getting eDex
Forum: Bugs
7 weeks ago
gordon451
... which probably means that my hosts file is being ignored by that browser. Ummm, no. Hosts is supplied and used by the OS. Browsers send a request for a file, the OS looks at the hosts file and if there is an entry the appropriate action is taken. This is either a re-route to local-host (127...) or to a specialised IP different from the usual, possibly to direct the browser to an infra-w
Forum: Bugs
7 weeks ago
gordon451
At line 257, we have a <noscript>, which is exactly like the one found in the <head> of OspreyPacks here. This <noscript> is invoking an image from Facebook, and I reckon this is causing the crash. Possibly you can test this by disabling images in your Privacy menu, just hit F9 to toggle it. I've run DuoLingo through the W3C Unicorn, there are 333 CSS errors in 3 Cloudfr
Forum: Bugs
7 weeks ago
gordon451
Maybe Baidu site handles differently calls from our countries/IPs? It's a horrible thought, but it looks a reasonable assumption.
Forum: Announcements
7 weeks ago
gordon451
As I said, first run gives error pokemon in EVERY browser. Just reload to see real picture. That's odd. As I said in this post, my other 3 browsers opened PanBaidu on the first visit. At the moment I'm having latency problems, s1.pan.bdstatic is refusing to come to Australia for some reason. If I force the matter by leaning on F5, all browsers show me the bird. Opera 12.17 is currently ge
Forum: Announcements
8 weeks ago
gordon451
That's because (like me!!!!!) you're clicking right where the new tab will be... Just move over a bit, and all will be well.
Forum: Bugs
8 weeks ago
gordon451
Then tell me that if you could download and save the target file to your computer? Ummm. Er... The zip file fell straight into my Download folder. BTW, please forgive this, but is Chanson your given name? I'm trying very hard to not tread on cultural toes here.
Forum: Announcements
8 weeks ago
gordon451
Hokay, found something. In https://developer.mozilla.org/en-US/docs/Mozilla/Errors, "Error codes returned by Mozilla APIs>General Errors>The following errors are general and can occur when using any component" we find NS_ERROR_FACTORY_NOT_REGISTERED (0x80040154) Returned when a service could not be found. As well, Error Console is throwing a HU-U-U-UGE list of ver
Forum: Announcements
8 weeks ago
gordon451
G'day mikeyww - The problem W3C Validator had with this page is the same problem KM76 has. It is more than "just" the <noscript> block, although removing that allowed the full validation. The <noscript> was actually referencing a script... It would never work regardless of which browser you had. And in fact it was not responsible for K-M's crash. The main K-M proble
Forum: Bugs
8 weeks ago
gordon451
Removed excess white space from source file, passed it to W3C Unicorn validator. Much pruning in the <head> before sanity returned. Eventually removed a very annoying <noscript> block--I still cannot see what was wrong with it--and wound up with 53 errors and 6 warnings just in the XML. This in conjunction with the CSS debacle would cause almost all browsers to render in the (extr
Forum: Bugs
8 weeks ago
gordon451
Interesting. Lit up the Console, cleared it, went to OspreyPacks. The Console gathered a dozen or so CSS, then K-M crashed quietly. Try again, but switch off the CSS error count... I got some chrome on the screen, but nothing in the Console... All crashes happen after a few seconds, say 10-15. I had expected to see XML or JS errors. None.
Forum: Bugs
8 weeks ago
gordon451
76RC crashed very quietly on this site. Pale Moon 26.2 x64 handles it well, but we note PM uses "Goanna" rather than Gecko... Opera 12.17x64 and IE11 x32 also open the site. It's educational to run http://www.ospreypacks.com/us/en/series/technical-packs/aether-ariel-landing through the W3C validator. The page is so bad that it essentially gave up after the <body id="page-
Forum: Bugs
2 months ago
gordon451
For what it's worth, only Pale Moon 26.2x64 and IE11x32 render the PanBaidu page properly. Opera 12.17x64 doesn't get the Flash/HTML5 on the right, but that does not surprise me due to its age. KM just gets the bird. FWIW, on DataFileHost, this is Pale Moon 26.2: https://www.dropbox.com/s/6a5i41khihnknp4/PaleMoon26-2.png?dl=1 and this is KM76RC: https://www.dropbox.com/s/rz2auj9wier5v85/
Forum: Announcements
3 months ago
gordon451
Further... I cleared the caches on my other browsers, then put all the SSL-secured sites into my host file, and lit the browsers up. And got the same result that KM gave me: a text-view as shown above. Then I cleared the entries. And now all my browsers do what KM does, refusing to load the unsafe elements. But KM was able to override the cache on the first view. I'll have to check my
Forum: General
3 months ago
gordon451
Which prefs do you mean for blocking ssl-stuff? This is it: general.useragent.compatMode.firefox;false geo.enabled;false plugin.scan.plid.all;false security.fileuri.strict_origin_policy;true (def) security.ssl.require_safe_negotiation;true security.ssl.treat_unsafe_negotiation_as_broken;true all rc4 and des cyphers;false security.tls.unrestricted_rc4_fallback;false There's a
Forum: General
3 months ago
gordon451
I needed to read a blog on the Avast! site. https://www.dropbox.com/s/e85ce8ss4h814jl/BestHTTPSprotection.png?dl=1 Oh kwap!! What happened? https://www.dropbox.com/s/hrxgb9r1jya18rd/ErrorConsoleXML.png?dl=1 It would seem the lack of formatting comes from poorly secured out-sourcing. Count the number of "hubspot" in the <head> https://www.dropbox.com/s/noahh2vylaqwm
Forum: General
4 months ago
gordon451
As JohnHell correctly points out, the primary usage of UDF is in optical media file systems, it's been designed for that purpose. All current versions of Windows understand UDF. Read the Talos report, which explains the problem in tedious detail. The key words are "arbitrary code execution". Where the code comes from is another problem, but it could well be in the extracted file.
Forum: General
4 months ago
gordon451
... you are proposing a man-in-the-middle attack, correct? If MalwareBytes signs their updates, then this attack wouldn't be possible, right? Does MalwareBytes use the UDF format for its updates? Also, how can you force CTRL-ALT-DEL for user switching/logon? Do you mean to disable Fast User Swtiching? Yes, it would be a MitM attack. Outside of trojans and viruses, this is the most feas
Forum: General
4 months ago
gordon451
... and those speed dials drove me nuts; never could seem to get rid of them. Never had a problem :) Ctrl-F12>General>Startup: "Start with home page" />Home page: "about:blank" :) Problem solved! Anyway, I agree: back on topic! Gordon.
Forum: Announcements
4 months ago
gordon451
I've used Opera (just semi-retired v12.17 due to age and inability to handle modern web-tech), Iron (pre-Blink), K-M since 1.5, IE forever, and now Pale Moon. I lost interest in Opera when they dropped the Presto engine. Also played with Sleipnir, but that was always iffy. Like you, my first browser was Netscape 3, but I abandoned that when v4 Communicator ruined the day and IE4 rescued the day
Forum: Announcements
4 months ago
gordon451
Assume you're in a User account, but using MalwareBytes, which uses 7-Zip. MB must have significant permissions, usually beyond those required by you in your normal work. An attacker can now use those (MB) permissions for his own purposes, which might well include resetting a login password (cheap!) or even altering something like Su-Run or CryptoPrevent settings (much more useful). Obviously
Forum: General
4 months ago
gordon451
@hermes - thanks for the zeus software link :) @foliator - I think the problem may possibly be in the GPU. I'm using the Onboard Graphics Processor in my Core i5, and that could well be one of the Intel processors mentioned in the Bugzilla link, I didn't follow it through. I suppose I should check for driver updates :cool: I've never used FF since taking an immense dislike to it back in the
Forum: Announcements
4 months ago
gordon451
The other thing, although trivial, is that the browser's background color is black during the very short interval before a page has loaded. I also notice this on startup. It used to be white. However, blank pages (about:blank) do come up white, as expected. Hi foliator, you can set layers.offmainthreadcomposition.enabled to false in about:config. But as Dorian said, this may reduce performa
Forum: Announcements
4 months ago
gordon451
It's a bit like leaving your you-beaut safe unlocked inside your well-fortified house. In itself, not a problem... until someone breaks into the house. Yes, the vulnerability will affect the average user, even those who do not normally work in Admin. Those who do work in Admin are especially at risk. And yes it would affect servers. But then nobody uses servers for desk work, do they? Go
Forum: General
4 months ago
gordon451
Hi Yogi - thanks. Yes, I'm familiar with M$ "security" overkill in W7, I'm still grieving for W2K. It was most certainly a permissions stuffup if the archive was intact. I upgraded my PeaZip as soon as I heard about the 7z vulnerability, I was using PZ5.5 which was working quite well, using 7z9.22B, definitely not affected by whatever hit 7z15.x. Gordon.
Forum: Announcements
4 months ago
gordon451
Do we have hashes for the install files? I used Hash Generator from SecurityXploded which gives: MD5:de40726522af29e26d05716b044a9960 SHA256:b52b8676a708d239dd0e2c5a0d0df3aaa40c250c3d0a9a8f909c14f7a32122d3 on the 7z archive. And while we're here, the Black Page seems occur only on these forum pages :s Gordon.
Forum: Announcements
Pages: 12345...LastNext
Current Page: 1 of 8

K-Meleon forum is powered by Phorum.