| 1 |
On Wed, 13 Jul 2016 16:53:40 -0400 |
| 2 |
waltdnes@××××××××.org wrote: |
| 3 |
|
| 4 |
> On Tue, Jul 12, 2016 at 05:09:28PM -0500, »Q« wrote |
| 5 |
> > On Tue, 12 Jul 2016 12:14:57 -0500 |
| 6 |
> > R0b0t1 <r030t1@×××××.com> wrote: |
| 7 |
> > |
| 8 |
> > > Pale Moon is routinely behind Firefox on security fixes (actual |
| 9 |
> > > fixes, not wanking-in-a-corner fixes). |
| 10 |
> > |
| 11 |
> > Is anyone other than the Pale Moon team itself trying to track its |
| 12 |
> > vulnerabilities? I could only find one CVE for it, from 2013. |
| 13 |
> |
| 14 |
> See http://www.palemoon.org/releasenotes.shtml with several mentions |
| 15 |
> of CVEs and other security fixes. Given the amount of Firefox code |
| 16 |
> still present "under the hood", many Firefox security fixes will also |
| 17 |
> apply to Pale Moon. |
| 18 |
|
| 19 |
Checking just a few, the Pale Moon team takes anywhere from a few weeks |
| 20 |
to a few months to fix security vulnerabilities which have been |
| 21 |
published and fixed by Mozilla. And other Firefox CVEs aren't |
| 22 |
listed by Pale Moon, so it's tough to tell whether or not Pale |
| 23 |
Moon is/was affected. Maybe their fork of Gecko has diverged too much |
| 24 |
to easily port Mozilla's fixes, I dunno. But not to worry, they have a |
| 25 |
FAQ. |
| 26 |
|
| 27 |
Is Pale Moon safe to use? |
| 28 |
|
| 29 |
Absolutely! Pale Moon is based on the Mozilla release source code |
| 30 |
that has a large community of developers and security-aware people, |
| 31 |
next to having seen over a decade of development by now. [...] |
| 32 |
|
| 33 |
OTOH, when it suits him, Moonchild stresses how very different his |
| 34 |
codebase is now from Mozilla's. |
| 35 |
|
| 36 |
AFAICS, no one but the Pale Moon team is tracking Pale Moon |
| 37 |
vulnerabilities. I dunno what to make of their claims that it's safe |
| 38 |
to use. |
Archives