DCM is a user on bsd.network. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

@mulander a fun game is to look through mozilla's security advisories from about a year or two ago, find a good one (sev:critical, rce), search mozilla's tree for the bug number to find the patch, and then check if pale moon has the same code and if they patched it 😬

that's why I won't touch it


@cb Never realized that Pale Moon does not have the same code like Firefox? The patches what Mozilla inserts are useless if the code does not exist in Pale Moon. And pretty much code of Mozilla of lately is not around.

How should the security issue arrive then? Present from Avatar or Santa Claus?

· Web · 0 · 0

@DCM @cb they might not share newly added issues (assuming they don't take any patches from upstream Firefox) but they do share a common ancestor so a large portion of the code.

Very often, newly found vulnerabilities are actually very old.

Take for example this: securityfocus.com/bid/96691

Security issue from March 2017 - it was present in the browser since Mozilla Firefox 0.1...

@DCM Did you miss where I said "check if pale moon has the same code"? And anyway, the vast majority of pale moon is still old firefox code