On Wed, 13 Jul 2016 16:53:40 -0400
waltdnes@××××××××.org wrote:

> On Tue, Jul 12, 2016 at 05:09:28PM -0500, »Q« wrote
> > On Tue, 12 Jul 2016 12:14:57 -0500
> > R0b0t1 <r030t1@×××××.com> wrote:
> >
> > > Pale Moon is routinely behind Firefox on security fixes (actual
> > > fixes, not wanking-in-a-corner fixes).
> >
> > Is anyone other than the Pale Moon team itself trying to track its
> > vulnerabilities? I could only find one CVE for it, from 2013.
>
> See http://www.palemoon.org/releasenotes.shtml with several mentions
> of CVEs and other security fixes. Given the amount of Firefox code
> still present "under the hood", many Firefox security fixes will also
> apply to Pale Moon.

Checking just a few, the Pale Moon team takes anywhere from a few weeks
to a few months to fix security vulnerabilities which have been
published and fixed by Mozilla. And other Firefox CVEs aren't
listed by Pale Moon, so it's tough to tell whether or not Pale
Moon is/was affected. Maybe their fork of Gecko has diverged too much
to easily port Mozilla's fixes, I dunno. But not to worry, they have a
FAQ.

Is Pale Moon safe to use?

Absolutely! Pale Moon is based on the Mozilla release source code
that has a large community of developers and security-aware people,
next to having seen over a decade of development by now. [...]

OTOH, when it suits him, Moonchild stresses how very different his
codebase is now from Mozilla's.

AFAICS, no one but the Pale Moon team is tracking Pale Moon
vulnerabilities. I dunno what to make of their claims that it's safe
to use.