General :
K-Meleon Web Browser Forum
I needed to read a blog on the Avast! site.
Oh kwap!! What happened?
It would seem the lack of formatting comes from poorly secured out-sourcing. Count the number of "hubspot" in the <head>
and in the <body> (this has been edited in TedPad to remove huge white-space)
noting I have only a little bit of the <body>, there are many more references.
It took me a couple of cups of coffee to work out where all the "chrome" was kept :s
But if you set a couple of moz-prefs, basically banning anything that looks like SSL, you will not get any bad stuff! Unlike, for example, Pale Moon which so far I have been unable to tame.
FWIW, the blog is the only insecure part of the Avast site that I know of. The rest is quite sanitary.
Gordon.
____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]
Interesting...
PS: That blog looks formatted normal here (KM1.6, JS blocked ;-) randomly lots of probs with newer certificates, TLS>1.0 etc.)
Which prefs do you mean for blocking ssl-stuff?
This is it:
There's a few more SSL prefs which I must look up, but right now this is it.
It's odd, I must admit. Most Oz government sites break a little bit with KM, private sector almost never breaks. Sometimes there's a hiccup in the system and the CSS fails to arrive, but a refresh always fixes that. But I've never seen a page break as badly as this Avast blog!
And I've tried it with all my UA strings, too.
Gordon.
____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]
Further...
I cleared the caches on my other browsers, then put all the SSL-secured sites into my host file, and lit the browsers up.
And got the same result that KM gave me: a text-view as shown above. Then I cleared the entries. And now all my browsers do what KM does, refusing to load the unsafe elements.
But KM was able to override the cache on the first view. I'll have to check my cache settings, but I don't think they are anything very different to the other browsers, I rarely fiddle with those bits.
I now consider KM to be the most secure browser ever.
Gordon.
____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]
General discussion about K-Meleon
Is K-Meleon the most secure browser ever?
Posted by:
gordon451
Date: May 29, 2016 09:44AM
I needed to read a blog on the Avast! site.
Oh kwap!! What happened?
It would seem the lack of formatting comes from poorly secured out-sourcing. Count the number of "hubspot" in the <head>
and in the <body> (this has been edited in TedPad to remove huge white-space)
noting I have only a little bit of the <body>, there are many more references.
It took me a couple of cups of coffee to work out where all the "chrome" was kept :s
But if you set a couple of moz-prefs, basically banning anything that looks like SSL, you will not get any bad stuff! Unlike, for example, Pale Moon which so far I have been unable to tame.
FWIW, the blog is the only insecure part of the Avast site that I know of. The rest is quite sanitary.
Gordon.
____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]
Re: Is K-Meleon the most secure browser ever?
Posted by:
siria
Date: May 29, 2016 10:32AM
Interesting...
PS: That blog looks formatted normal here (KM1.6, JS blocked ;-) randomly lots of probs with newer certificates, TLS>1.0 etc.)
Which prefs do you mean for blocking ssl-stuff?
Re: Is K-Meleon the most secure browser ever?
Posted by:
gordon451
Date: May 29, 2016 12:11PM
Quote
siria
Which prefs do you mean for blocking ssl-stuff?
This is it:
general.useragent.compatMode.firefox;false geo.enabled;false plugin.scan.plid.all;false security.fileuri.strict_origin_policy;true (def) security.ssl.require_safe_negotiation;true security.ssl.treat_unsafe_negotiation_as_broken;true all rc4 and des cyphers;false security.tls.unrestricted_rc4_fallback;false
There's a few more SSL prefs which I must look up, but right now this is it.
It's odd, I must admit. Most Oz government sites break a little bit with KM, private sector almost never breaks. Sometimes there's a hiccup in the system and the CSS fails to arrive, but a refresh always fixes that. But I've never seen a page break as badly as this Avast blog!
And I've tried it with all my UA strings, too.
Gordon.
____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]
Re: Is K-Meleon the most secure browser ever?
Posted by:
gordon451
Date: May 30, 2016 05:20AM
Further...
I cleared the caches on my other browsers, then put all the SSL-secured sites into my host file, and lit the browsers up.
And got the same result that KM gave me: a text-view as shown above. Then I cleared the entries. And now all my browsers do what KM does, refusing to load the unsafe elements.
But KM was able to override the cache on the first view. I'll have to check my cache settings, but I don't think they are anything very different to the other browsers, I rarely fiddle with those bits.
I now consider KM to be the most secure browser ever.
Gordon.
____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007 http://freefall.purrsia.com/ff1400/fv01372.htm]
English