Topic: Pale Moon as my browser due to the wonderful extensions

Steven Avery

Linkman - just get the right .xpi (different .xpi for Chrome, Firefox Quantum, etc)
Download it and pick it up from the file search in extensions.

OneTab (also available on Chrome, Firefox Quantum etc)

========================

The KEY Reasons, especially 1-2

Tab Mix Plus
Roomy Bookmarks
Lazarus

(you can add some here - especially ones that do not have comparable functionality in the modern Chrome-Quantum worlds)

========================

Using Legacy Collector it takes five minutes to have these installed:
http://www.legacycollector.org/

I know this is a bit of a rehash.

And I still have reasons to use modern Chrome (e.g. Gmail utilities) and Firefox and others, but I think for now Pale Moon is the #1 for general browsing.

Waterfox might be just as good, just checked seems fine.
Cyberfox also loads those extensions.
No reason to work with Firefox 56 or 52.

Your thoughts!
« Last Edit: July 15, 2019, 09:35 AM by Steven Avery »

Shades

Re: Pale Moon as my browser due to the wonderful extensions
« Reply #1 on: July 15, 2019, 09:31 AM »
PaleMoon (ZDNet) has admitted that their download servers have been spreading malware in older versions of their browser.


Steven Avery

Re: Pale Moon as my browser due to the wonderful extensions
« Reply #2 on: July 15, 2019, 09:47 AM »
Thanks.  I am only using latest versions.
Quite a blunder on the PaleMoon people (remember, even CCleaner had a problem, with a current version.)

Semi-tech discussion about WebExtension and URL

Basilisk Browser Drops Webextension Support
https://www.ghacks.n...ebextension-support/

Basilisk would be the 4th alternative, but it is very little different than PaleMoon

I added uBlock Origin to these browsers from the LegacyCollector
Also Tab Flick.
« Last Edit: July 15, 2019, 09:56 AM by Steven Avery »

tomos

Re: Pale Moon as my browser due to the wonderful extensions
« Reply #3 on: July 15, 2019, 03:07 PM »
Still mainly using Pale Moon, but struggling:

pros:
tabmixplus & Session Manager extensions work -- these two have always been the most important add-ons to me, can't understand why decent versions not implemented for most (all?) other browsers.

cons:
Paypal wasn't working for a good while (may be now -- see next though); LastPass in PaleMoon won't work with Microsoft Authenticator on Android -- even though it used to work happily with same on Windows phone (this does work okay in Firefox).
Tom

cyberdiva

Re: Pale Moon as my browser due to the wonderful extensions
« Reply #4 on: July 17, 2019, 06:28 PM »
Steven, I'm so glad you mentioned Lazarus. I have used and loved that extension for years. It has saved me innumerable times when problems arose and I lost what I was typing on the web. I can't imagine being without it. Of course, that means I'm not using Firefox, but I bailed out several years ago and moved to Pale Moon, which I've been using happily since then. I'm also using Linkman. As far as I know, it hasn't been upgraded in quite a while, but that's fine with me. I love it just as it is. 

Steven Avery

Re: Pale Moon as my browser due to the wonderful extensions
« Reply #5 on: July 21, 2019, 03:50 PM »
FYI:
It does seem that LastPass may be problematic with Pale Moon and similar.  The last one referred to as compatible was 3.3.4 but there is some sort of vulnerability involved. And since this is a delicate area, I will just use LastPass from the Taskbar and/or Desktop capabilities.

cyberdiva

Re: Pale Moon as my browser due to the wonderful extensions
« Reply #6 on: July 21, 2019, 11:22 PM »
Steven,

Yes, I think you're right that the last version of LastPass to work with  Pale Moon is 3.3.4. That's what I have on my computer, and it seems to work well. What sort of vulnerability does using it involve?

Steven Avery

Re: Pale Moon as my browser due to the wonderful extensions
« Reply #7 on: July 22, 2019, 06:03 AM »
Good question.  I decided to study this out.  3.3.4 is retired, and may contain a vulnerability.

Here there is some description, starting with an earlier vulnerability in 3.3.2.

LastPass releases fix browser extension security flaws
March 23, 2017
https://www.computer...nsion-security-flaws
"Users can also update to Firefox 3.3.4, however, as we noted previously, the 3.x version of LastPass will be retired in the coming weeks."

LastPass has fixed three bugs in the password manager discovered by Google researcher Tavis Ormandy in the last 24 hours.
March 22, 2017
https://threatpost.c...ities-remain/124471/
"LastPass incorporated a fix for that vulnerability into version 3.3.4 of the add-on, released Wednesday morning. Firefox users should be automatically updated to the latest version, Ormandy said."

Discussion of the Ormandy-LastPass interactions:
Threatpost - March 22
LastPass Fixes Three Password Theft Vulnerabilities
https://threatpost.c...ities-remain/124471/

=====================

This whole discussion is good, the extract is from the last quote.

LastPass Bug
Bogleheads
April 1, 2017
https://www.boglehea...ewtopic.php?t=215129

MudPuppy
There have been several attacks over the years against browser extensions for LastPass specifically and other password vaults in general. In most cases, this involves somehow fooling the browser extension into thinking you are on XYZ website, when you are actually on ABC website. By using the browser extension to have the convenience of automatically logging in to a site when you visit it, you've opened yourself to the risk that the browser extension is tricked this way.

The simplest solution is to just not use the browser extensions for a password vault. Take the extra 30 seconds to manually cut-and-paste the password from the vault into the website when you want to log in (or the extra minute to manually type it out). Then you don't have to worry about browser extensions being fooled, you just have to worry about you being fooled (e.g. phishing or other social engineering).

========================

Tavis Ormandy on Twitter
https://twitter.com/taviso

========================

While it says there that the problem was in 3.3.2 you have this:

Is Fx extension 3.3.4 affected by the latest vulnerability?
April 7, 2017
https://forums.lastp...hp?f=12&t=252675
"YES 3.3.4 is affected"

Not sure if that is true, it may have been an extrapolation from:
"All of your LastPass browser extensions should be updated to version 4.1.44 or higher"
https://blog.lastpas...pass-extension.html/

Pale Moon Forum
PM 27.2.0 not allowing CRITICAL update to LASTPASS
https://forum.palemo...iewtopic.php?t=15223
Try to download 4.1.36a and install it using Moon Tester Tool, but note the warnings and restrictions while doing so! If everything works well I advise you to ask the developers about the official Pale Moon support. All the necessary technical information is here, just add this link to your request.

Major Geeks wonders if 3.3.4 has vulnerabilities
https://forums.major...word-manager.316936/

Reddit back and forth, how quick was Lastpass, and no clear indication on 3.3.4
https://www.reddit.c...d_lastpass_password/

Wilders
https://www.wilderss...ssion.372873/page-13

Mozillazine
https://discourse.mo...ersion-3-3-4/15380/6
http://forums.mozill...hp?f=3&t=3029141

A competitor attacks LastPass
https://palant.de/20...security-done-wrong/

==========================

POSSIBLY 3.3.4 IS VULNERABLE - THIS IS A SECOND THINGY

Security Update for the LastPass Extension
March 27, 2017 - updated March 31
https://blog.lastpas...pass-extension.html/

TavisO finds yet another LP code execution exploit
https://forums.lastp...=251065&start=10
This may affect 3.3.4.
All of your LastPass browser extensions should be updated to version 4.1.44 or higher

================================

cyberdiva

Re: Pale Moon as my browser due to the wonderful extensions
« Reply #8 on: July 22, 2019, 07:53 PM »
Thanks very much, Steven, for the detailed information. I knew a small part of this, but not most of it. I'm a little unclear about a way around this. I always access LastPass through the browser. So even if I were to go to LastPass, copy my password, and paste or type it in, wouldn't my accessing LastPass through the browser (via the little red icon in the upper right corner) also be problematic?  I mean, I type my master password in order to access my vault in LastPass. Or is it just somehow the LastPass mechanism in 3.3.4 that makes me vulnerable?