CCleaner Community Forums

trium

Posts posted by trium


  1. ublock v1.21.0

     

    gorhill released this

    Jul 18, 2019

     

    New:

    New procedural cosmetic/HTML filtering operator: min-text-length(x), where x is the minimal text length of the subject DOM element. It is chainable. Example:

    example.de##^script:has-text(.charCodeAt):min-text-length(14000)
    

    New keyboard shortcut available: "Relax blocking mode". Use it to lower the current blocking mode to a lower one. Currently the default behavior is:

    1. Allow JavaScript; or
    2. Allow 3rd-party network requests

    Consequently, if your default blocking profile is to disable JavaScript and 3rd-party network requests, you will need to press twice to lower uBO's blocking mode to the lowest blocking mode achievable through the keyboard command. The current web page will be automatically reloaded each time the current blocking mode is lowered.

    The shortcut will have no effect when the current blocking mode in effect does not forbid JavaScript and 3rd-party requests.

    Closed as fixed:


  2. 20 hours ago, JDPower said:

    "No entry loaded" at startup is normal, it usually takes 5-10 seconds to load (maybe longer). Same if you click refresh.

    yes, i see ... after longer while :-)

    20 hours ago, JDPower said:

    "There are one or more open sessions" suggests you've multiple copies of the program running, check task manager to make sure there's not a copy running/hanging in the background.

    no, only one. but i think rapr think it during the search process that another rapr runs... :-)

     

    perhaps the hdspace freeup is not the right amount it shows me? 10 gb only with nvidia?

     

    i have 38 nvidia entries with 280 mb or so. i think i dont have installed it so many times :-)) one seems the actually one to be with 399 mb. and one is the intels driver.

     

    can i really delete this many "entries"?

     


  3. C:\  -> systemdrive and one of the system-paths

    with

    *.* -> i mean this can delete your whole os-stuff, if possible

     

    for ex -> c:\ and filetype *.tmp is possible

     

    On 14.7.2019 at 17:56, FabioA said:

    Fyle Tipes/File Types: *.diz;*.old;*.nch;*.wbk;*log.txt;~*.*;*.log;*.prv;*.sik;*.bak;*.ilk;*.aps;*.ncb;*.pch;*.$db;*.db$;*.^;*._dd;*._detmp;log*.txt;*.log?

     


  4. hello peterw,

     

    ccleaner -> tools -> drive wiper:

     

    what is in the first line "wipe"?

     

    -> entire drive (all data will be erased)

    or

    -> free space only

     

    ps: with first you cant select your c-drive because it is gray ;-)


  5. ff v68.0 esr

     

    09. july 2019

     

    New

    • A number of features improve the browser experience in enterprise settings.

      • MSI installer file type is included in this release, helping make deployments in the Windows environment easier and more flexible.
      • Configuration profiles in macOS
      • The ability to read added certificate roots from the macOS Keychain

    • For all operating systems, we have a number of additional policies including:

      • New tab page configuration and disabling
      • Local file links
      • Download behavior
      • Search suggestions
      • Managed storage for using policies in Webextensions
      • Extension configuration (allow/deny) by ID and website
      • A subset of commonly used Firefox preferences

      You can see a full list of policies here.

    • User and enterprise added certificates are read from the operating system by default.

    Fixed

    • Local files can no longer access other files in the same directory.

    Changed

    Unresolved

    • Windows Background Intelligent Transfer Service (BITS) update download for proxy users with authentication will fall back to legacy update system on Windows (bug 1561200)

    • Service workers and push notifications remain disabled in Firefox ESR


  6. ff v60.8.0 esr

     

    09. july 2019

     

    Fixed

     

    Security vulnerabilities fixed in Firefox ESR 60.8

    Announced: July 9, 2019
    Impact: critical
    Products: Firefox ESR
    Fixed in: Firefox ESR 60.8

    CVE-2019-9811: Sandbox escape via installation of malicious language pack

    Reporter: Niklas Baumstark
    Impact: high
    Description: As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation.


    CVE-2019-11711: Script injection within domain through inner window reuse

    Reporter: Boris Zbarsky
    Impact: high
    Description: When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security.


    CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects

    Reporter: Gregory Smiley of Security Compass
    Impact: high
    Description: POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks.


    CVE-2019-11713: Use-after-free with HTTP/2 cached stream

    Reporter: Hanno Böck
    Impact: high
    Description: A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash.


    CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault

    Reporter: Jonas Allmann
    Impact: moderate
    Description: Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used.


    CVE-2019-11715: HTML parsing error can contribute to content XSS

    Reporter: Linus Särud
    Impact: moderate
    Description: Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances.


    CVE-2019-11717: Caret character improperly escaped in origins

    Reporter: Tyson Smith
    Impact: moderate
    Description: A vulnerability exists where the caret ("^") character is improperly escaped when constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.


    CVE-2019-11719: Out-of-bounds read when importing curve25519 private key

    Reporter: Henry Corrigan-Gibbs
    Impact: moderate
    Description: When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure.


    CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin

    Reporter: Luigi Gubello
    Impact: moderate
    Description: A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may be uploaded to a server. Luigi Gubello demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents.


    CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

    Reporter: Mozilla developers and community
    Impact: critical
    Description: Mozilla developers and community members Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.


  7. ff v68.0

     

    09. july 2019

     

    New

    • Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.

    • Improved extension security and discovery:

      • New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
      • Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
      • Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended" badges for these extensions also appear on AMO. More extensions will be added over time.
    • Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.

    • WebRender will roll out to Windows 10 users with AMD graphics cards.

    • Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.

    Fixed

    • Various security fixes

    • Local files can no longer access other files in the same directory.

    Changed

    • Unified existing locales (bn-BD, bn-IN) under a single Bengali (bn) localization.

    • The following unmaintained translations have been removed: Assamese (as), English - South Africa (en-ZA), Maithili (mai), Malayalam (ml), Odia (or). Existing users will be migrated to the British English (en-GB) version.

    • When an HTTPS error caused by antivirus software is detected, Firefox will attempt to automatically fix it

    • Camera and microphone access now require an HTTPS connection.

    • The way non-default preferences are synced has changed. Please see this support article for more details

    Enterprise

    • For all operating systems, we have a number of additional policies including:

      • New tab page configuration and disabling
      • Local file links
      • Download behavior
      • Search suggestions
      • Managed storage for using policies in Webextensions
      • Extension whitelisting and blacklisting by ID and website
      • A subset of commonly used Firefox preferences

      You can see a full list of policies here.

    Developer

    • Firefox Developer Tools now offers a full page color contrast audit that identifies all elements on a page that fail color contrast checks.

    • Added about:compat, where website-specific workarounds are listed and may be toggled. These workarounds are meant as temporary fixes for various forms of website breakage for Firefox, while the website fixes them in due time. With about:compat, it is now easy to see all of the workarounds that are active in Firefox, and easy for website developers to disable a given workaround for testing purposes.

    • Introduces CSS Scroll Snap module that enforces scroll snap positions.

    Unresolved

    • The new URL bar implementation does not handle javascript: bookmarklets triggered via bookmark keywords correctly yet (bug 1552141)


  8. ublock v1.20.2

     

    gorhill released this

    Jul 2, 2019

     

    No changes from 1.20.0.

    This release exists only to fulfill a request by Mozilla that I submit a new version even if there is no code change, so as to test changes on the back-end of AMO.


  9. thanks hazelnut :-)
    
    
    
    Summary           : Read buffer overflow & double free
    Date              : June 2019
    Affected versions : VLC media player 3.0.6 and earlier
     
    
    Security:
     * Fix multiple buffer overflows in the ps demuxer
     * Fix a buffer overflow when copying a biplanar YUV image
     * Fix multiple buffer overflows in the faad decoder
     * Fix buffer overflow in the svcdsub decoder
     * Fix buffer overflows in the ogg muxer & demuxer
     * Fix buffer overflows in libavformat demuxer
     * Fix multiple buffer overflows in the MKV demuxer
     * Fix a buffer overflow in the MP4 demuxer
     * Fix a buffer overflow in the textst decoder
     * Fix a buffer overflow in the webvtt decoder
     * Fix a buffer overflow in the ASF demux
     * Fix a buffer overflow in the UPNP SD
     * Fix use after free in the ogg demuxer
     * Fix multiple use after free in the MKV demuxer
     * Fix multiple use after free in the DMO decoder
     * Fix integer underflow in the MKV demuxer
     * Fix an updater NULL pointer dereference on invalid signing keys
     * Fix NULL pointer dereference in the MKV demuxer
     * Fix an integer overflow in the spudec decoder
     * Fix an integer overflow in the nsc demuxer
     * Fix an integer overflow in the avi demuxer
     * Fix reads of uninitialized pointers in the MKV demuxer
     * Fix a floating point exception in the MKV demuxer
     * Fix an infinite loop in the flac packetizer

  10. good wish :-)

     

    i mean ms has another wishes with his versions of netframework...

     

    from the beginning with 1 and 1.1 and 2 - two is not compatible with one and so on (i remember me darkly that are two different developer)

    also the different versions of the 2 dont be good

     

    and the installation progress was long sometimes also bad and the whole net-installation was for the toilet :-)

     

    i have 4.8 not installed.

    i take only what this or one needed to be run - this also saves me a lot of updates


  11. ff v60.7.2 esr

     

    20. june 2019

     

    Fixed

     

    Quote

    CVE-2019-11708: sandbox escape using Prompt:Open

    Reporter: Coinbase Security
    Impact: high
    Description: Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.

     
