Jump to content
CCleaner Community Forums

trium

Experienced Members
  • Content Count

    1,841
  • Joined

  • Last visited

Everything posted by trium

  1. ff v68.0 esr 09. july 2019 New A number of features improve the browser experience in enterprise settings. MSI installer file type is included in this release, helping make deployments in the Windows environment easier and more flexible. Configuration profiles in macOS The ability to read added certificates roots from the macOS Keychain For all operating systems, we have a number of additional policies including: New tab page configuration and disabling Local file links Download behavior Search suggestions Managed storage for using policies in Webextensions Extension configuration (allow/deny) by ID and website A subset of commonly used Firefox preferences You can see a full list of policies here. User and enterprise added certificates are read from the operating system by default. Fixed Local files can no longer access other files in the same directory. Changed Added support for the event property on the Window object to improve web compatibility for enterprises. Developer Developer Information unresolved Windows Background Intelligent Transfer Service (BITS) update download for proxy users with authentication will fall back to legacy update system on Windows (bug 1561200) Service workers and push notifications remain disabled in Firefox ESR
  2. ff v60.8.0 esr 09. july 2019 Fixed Various security fixes Security vulnerabilities fixed in Firefox ESR 60.8 Announced July 9, 2019 Impact critical Products Firefox ESR Fixed in Firefox ESR 60.8 #CVE-2019-9811: Sandbox escape via installation of malicious language pack Reporter Niklas Baumstark Impact high Description As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. References Bug 1538007 Bug 1539598 Bug 1563327 #CVE-2019-11711: Script injection within domain through inner window reuse Reporter Boris Zbarsky Impact high Description When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. References Bug 1552541 #CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects Reporter Gregory Smiley of Security Compass Impact high Description POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. References Bug 1543804 #CVE-2019-11713: Use-after-free with HTTP/2 cached stream Reporter Hanno Böck Impact high Description A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. References Bug 1528481 #CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault Reporter Jonas Allmann Impact moderate Description Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. References Bug 1515342 #CVE-2019-11715: HTML parsing error can contribute to content XSS Reporter Linus Särud Impact moderate Description Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. References Bug 1555523 #CVE-2019-11717: Caret character improperly escaped in origins Reporter Tyson Smith Impact moderate Description A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. References Bug 1548306 #CVE-2019-11719: Out-of-bounds read when importing curve25519 private key Reporter Henry Corrigan-Gibbs Impact moderate Description When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. References Bug 1540541 #CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin Reporter Luigi Gubello Impact moderate Description A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. Luigi Gubello demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. References Bug 1558299 #CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 Reporter Mozilla developers and community Impact critical Description Mozilla developers and community members Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. References Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
  3. ff v68.0 09. july 2019 New Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars. Improved extension security and discovery: New reporting feature in about:addons allows you to report security and performance issues with extensions and themes. Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension. Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended” badges for these extensions also appear on AMO. More extensions will be added over time. Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences. WebRender will roll out to Windows 10 users with AMD graphics cards. Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed. Fixed Various security fixes Local files can no longer access other files in the same directory. Changed Unified existing locales (bn-BD, bn-IN) under a single Bengali (bn) localization. The following unmaintained translations have been removed: Assamese (as), English - South Africa (en-ZA), Maithili (mai), Malayalam (ml), Odia (or). Existing users will be migrated to the British English (en-GB) version. When an HTTPS error caused by antivirus software is detected, Firefox will attempt to automatically fix it Camera and microphone access now require an HTTPS connection. The way non-default preferences are synced has changed. Please see this support article for more details Enterprise For all operating systems, we have a number of additional policies including: New tab page configuration and disabling Local file links Download behavior Search suggestions Managed storage for using policies in Webextensions Extension whitelisting and blacklisting by ID and website A subset of commonly used Firefox preferences You can see a full list of policies here. Developer Developer Information Firefox Developer Tools now offers a full page color contrast audit that identifies all elements on a page that fail color contrast checks. Added about:compat, where website-specific workarounds are listed and may be toggled. These workarounds are meant as temporary fixes for various forms of website breakage for Firefox, while the website fixes them in due time. With about:compat, it is now easy to see all of the workarounds that are active in Firefox, and easy for website developers to disable a given workaround for testing purposes. Introduces CSS Scroll Snap module that enforces scroll snap positions. unresolved The new URL bar implementation does not handle javascript: bookmarklets triggered via bookmark keywords correctly yet (bug 1552141)
  4. trium

    ublock users

    ublock v1.20.2 gorhill released this Jul 2, 2019 No changes from 1.20.0. This release exists only to fulfill a request by Mozilla that I submit a new version even if there is no code change, so as to test changes on the back-end of AMO.
  5. hello granadamike, perhaps "smart cleaning" is activated you can deactivate it: ccleaner -> options -> smart cleaning -> disable both note: if you do this, you must start ccleaner manually to clean your pc
  6. thanks hazelnut :-) Summary : Read buffer overflow & double free Date : June 2019 Affected versions : VLC media player 3.0.6 and earlier Security: * Fix multiple buffer overflows in the ps demuxer * Fix a buffer overflow when copying a biplanar YUV image * Fix multiple buffer overflows in the faad decoder * Fix buffer overflow in the svcdsub decoder * Fix buffer overflows in the ogg muxer & demuxer * Fix buffer overflows in libavformat demuxer * Fix multiple buffer overflows in the MKV demuxer * Fix a buffer overflow in the MP4 demuxer * Fix a buffer overflow in the textst decoder * Fix a buffer overflow in the webvtt decoder * Fix a buffer overflow in the ASF demux * Fix a buffer overflow in the UPNP SD * Fix use after free in the ogg demuxer * Fix multiple use after free in the MKV demuxer * Fix multiple use after free in the DMO decoder * Fix integer underflow in the MKV demuxer * Fix an updater NULL pointer dereference on invalid signing keys * Fix NULL pointer dereference in the MKV demuxer * Fix an integer overflow in the spudec decoder * Fix an integer overflow in the nsc demuxer * Fix an integer overflow in the avi demuxer * Fix reads of uninitialized pointers in the MKV demuxer * Fix a floating point exception in the MKV demuxer * Fix an infinite loop in the flac packetizer
  7. trium

    vlc media player

    it seems to be a version 3.0.7.1-1 * fixes a macOS only packaging issue, additionally.
  8. trium

    .NET Framework 4.8

    good wish :-) i mean ms has another wishes with his versions of netframework... from the beginning with 1 and 1.1 and 2 - two is not compatible with one and so on (i remember me darkly that are two different developer) also the different versions of the 2 dont be good and the installation progress was long sometimes also bad and the whole net-installation was for the toilet :-) i have 4.8 not installed. i take only what this or one needed to be run - this also saves me a lot of updates
  9. ff v60.7.2 esr 20. june 2019 Fixed Security fix
  10. ff v67.0.4 20. june 2019 Fixed Security fix
  11. bad way from microsoft -> all this updates after support finishing comes not with integrated microsoft update and must download manually from update-catalog or update thing...
  12. defraggler has this feature --> defraggler -> settings -> boot time defrag choose 1.) disabled 2.) run once 3.) run every time
  13. perhaps ... untick smart cleaning options ccleaner -> options -> smartcleaning -> untick both ---> "tell me there are junk files to clean" ---> "enable smart cleaning"
  14. ff.v68.0 esr is near :-) perhaps 9. july 2019
  15. ff v60.7.1 esr 18. juni 2019 Fixed Security fix Developer Developer Information
  16. ff v67.0.3 18. juni 2019 Fixed Security fix Developer Developer Information
  17. belated ff 67.0.2 ... 11. juni 2019 Fixed Fix JavaScript error ("TypeError: data is null in PrivacyFilter.jsm") in console which may significantly degrade sessionstore reliability and performance (bug 1553413) Proxy authentication dialog box repeatedly pops up asking to authenticate after upgrading to Firefox 67 (bug 1548804) Pearson MyCloud breaks if FIDO U2F is not Chrome's implementation (bug 1551282) Starting in safe mode on Linux or macOS causes Firefox to think on the subsequent launch that the profile is too recent to be used with this version of Firefox (bug 1556612) Linux distribution users can't easily install/use additional/different languages using the built-in preferences UI (bug 1554744) Developer tools users can't copy the href/src content from various HTML tags via the context menu in the Inspector markup view (bug 1552275) Custom home page is broken with clearing data on shutdown settings applied (bug 1554167) Performance-regression for eclipse RAP based applications (bug 1555962) macOS 10.15 crash fix (bug 1556076) Can't start two downloads in parallel via <a download> anymore (bug 1542912) Developer Developer Information
  18. i mean office 365 is the same "installation" as ms office 2010 starter (click & run) only cached on the os do you use "winapp2.ini"?
  19. trium

    vlc media player

    Changes between 3.0.7 and 3.0.7.1: ---------------------------------- Access: * Update libbluray to 1.1.2 macOS: * Fix bluray java menu playback regression in 3.0.7 Video Output: * Fix hardware acceleration with some AMD drivers * Improve direct3d11 HDR support
  20. trium

    vlc media player

    Changes between 3.0.6 and 3.0.7: -------------------------------- Access: * Improve Blu-ray support * Fix sftp module build with libssh >= 1.8.1 Audio output: * Fix pass-through on Android-23 * Fix DirectSound drain Demux: * Improve MP4 support Video Output: * Fix 12 bits sources playback with Direct3D11 * Fix crash on iOS * Fix midstream aspect-ratio changes when Windows hardware decoding is on * Fix HLG display with Direct3D11 Stream Output: * Improve Chromecast support with new ChromeCast apps macOS: * Fix UPNP service discovery, services are discovered on the highest priority active network interface now * Fix video distortion on macOS Mojave Misc: * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts * Work around busy looping when playing an invalid item with loop enabled Translations: * Update of most translations Security: * Fix multiple buffer overflows in the ps demuxer * Fix a buffer overflow when copying a biplanar YUV image * Fix multiple buffer overflows in the faad decoder * Fix buffer overflow in the svcdsub decoder * Fix buffer overflows in the ogg muxer & demuxer * Fix buffer overflows in libavformat demuxer * Fix multiple buffer overflows in the MKV demuxer * Fix a buffer overflow in the MP4 demuxer * Fix a buffer overflow in the textst decoder * Fix a buffer overflow in the webvtt decoder * Fix a buffer overflow in the ASF demux * Fix a buffer overflow in the UPNP SD * Fix use after free in the ogg demuxer * Fix multiple use after free in the MKV demuxer * Fix multiple use after free in the DMO decoder * Fix integer underflow in the MKV demuxer * Fix an updater NULL pointer dereference on invalid signing keys * Fix NULL pointer dereference in the MKV demuxer * Fix an integer overflow in the spudec decoder * Fix an integer overflow in the nsc demuxer * Fix an integer overflow in the avi demuxer * Fix reads of uninitialized pointers in the MKV demuxer * Fix a floating point exception in the MKV demuxer * Fix an infinite loop in the flac packetizer
  21. what temporary files we are talking about? c:\windows\temp? c:\users\you\appdata\local\temp? if ccleaner not works fast enought/hangs... windows disk cleanup take is time too... try this open your windows-explorer go to "c:\windows\temp" in this folder -> "select all" (subfolders and files in temp) -> delete it go to c:\users\you\appdata\local\temp in this folder -> "select all" (subfolders and files in temp) -> delete it ps: i have it in ccleaner -> includelist with option "with files and subfolders"
  22. trium

    ublock users

    ublock v1.20.0 gorhill released this Jun 14, 2019 Closed as fixed Does not block large media fetched over Fetch API Last permanent rule is marked as changed when rules are added to the bottom Dashboard open from uBO popup triggers unsaved changes dialog Multiple "Advanced settings" opened Redirection fails for filters having * in the host part Show requests blocked in the logger as a result of csp= option Element picker normalize style attrib "#@#+js" entries are shown in the logger as yellow instead of green no-scripting: behind-the-scene false sticks even after restoring uBO from a config where it's not present Revert button remains active/clickable after clicking on Apply changes "Block element" item should have ellipsis (usability) Nested !#if/!#endif directives not evaluated properly Hide predefined whitelist directives Non-specific procedural filters HTML filter showing up as cosmetic filter in logger No warning for unsaved changes in dashboard Logger: can't bring up filtering options for popup entries where URL does not start with http Switching configuration tabs [appears to stop] list updates Cosmetic filter exceptions not displayed in network request logger Commits with no entry in issue tracker Fix generichide not being evaluated for local context Discard whole filter with bad csp= content Add a link to the remote asset in asset viewer Rearrange inner loop of static network filtering engine Fix "Close this window" not working on document-blocked page Add support for all filter option Set default delay for creating selfie to 3 minutes Avoid duplicated strings in filterOrigin w/ new approach Revisit code to benefit from ES6 syntax Refactor runtime storage of specific cosmetic filters Add support for nth-ancestor operator in HTML filtering Ensure "Ignore generic cosmetic filters" sticks on Fennec
  23. where is the crying smile? i dont find it
  24. i dont use easy clean mode... what is with "analyze" -shows ccleaner also "internet explorer cookies skipped"?
×
×
  • Create New...