The Lunascape Blog

We’re releasing Lunascape version 6.4.5 in response to the recent update of Firefox 3.5.18, which has an update to HTTPS certificates blacklist. According to the Mozilla Security Blog, impact to users is stated as below. Lunascape strongly suggests its users to update to Lunascape 6.4.5.

Users on a compromised network could be directed to sites using the fraudulent certificates and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site.

We’re also making Gecko plug-in 3.6.16 available for Lunascape 6.4.5, which has the same update. You can download it from the Luna Labs if you prefer to use Gecko engine equivalent to Firefox 3.6 series with Lunascape browser.

Thanks to many positive feedback on the 6.5 beta. We’ve decided to move the schedule forward and to release Lunascape 6.4.1, which includes most of the new features introduced in the beta, today.

As many of you know, one of the new features is Online Bookmarks that allow you to bring your bookmarks with your iPhone or iPad. You can get access to your Online Bookmarks via iLunascape anytime. Also, you can sync your Online Bookmarks with the Firefox and from both ends using the Firefox Sync or the Lunascape’s Online Sync account. You can learn more on what you can do with the Online Bookmarks in the old entry.

The next major change is a much-anticipated upgrade of the Gecko engine to the Firefox 3.6 series. The 6.4.1 has Gecko version 1.9.2.13 that corresponds to the Firefox version 3.6.13. As a result, we’re temporary closing the ‘choose your own Gecko’ project on the Luna Labs and recommend users to use the upgraded Gecko (Firefox 3.6 series) with Lunascape.

Another change is in the Lunascape Settings dialogue. Some of the options are shuffled around and re-categorized in such a way that hopefully makes more sense to users, for now…. We plan to refresh the appearance and layout of the dialogue in a future release, so your feedback are welcome.

Last but not least, the Lunascape 6.4.1 is one of the first official release that includes translations made by volunteers. Yes, that’s right. Your contributions have made this version more complete! Thank you so much to those volunteers who has made it happen. We’ll create a thank you page on our Web site and list names of the contributors to show our appreciation. Translations made through the Lunascape Localizer will be kept reflected in every releases of Lunascape (the official global version and Europe language versions) from now on. If interested, please register yourself at the Lunascape Localizer.

We’ve also released an update of iLunascape Lite for iPhone (ver. 1.1.2) today. It has the Firefox Sync 1.6 support, so incompatibility between different versions is addressed, and you should have no issue accessing to your Online Bookmarks.

Hope you’ll enjoy this new release of Lunascape 6.4.1 and iLunascape Lite for iPhone 1.1.2.

Lunascape ver. 6.3.4 is now available to download. We strongly recommend to upgrade your Lunascape to this latest version because it includes Gecko 3.5.15 that has fixed a critical security issue reported by Firefox earlier this fall. You can also plug in Gecko 3.6.12 available from the Luna Lab to the Lunascape if you’d prefer it.

We’ve also fixed two bugs that has been reported by several users. Now, the Google Toolbar will be displayed on toolbar without any errors. Also, if you’ve been having trouble with your font size, it will stay fixed according to your settings in Lunascape with Trident engine.

This release would be the last minor updates in the Lunascape ver. 6.3.x., and we’ll be now focusing more on the 6.5 Beta and new releases.

We’re releasing the Lunascape version 6.3.1 today, corresponding the vulnerability notes VU#707943 released by the US-CERT (United States Comupter Emergency Readiness Team) on August 25th, 2010.

Vulnerability Notes VU#707943:

Microsoft Windows based applications may insecurely load dynamic libraries

Overview:

Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location.

Lunascape 6.3.1 is implemented a protection against the vulnerability of Microsoft Windows and has 5 bug fixes. We highly recommend upgrading your Lunascape browser. Also, we’ve updated the Gecko engine 3.6.8 for Lunascape ver. 3.6.1. IF you’d like the Gecko engine swap, please get the updated version of the Gecko engine through the Luna Labs. Hope you all will enjoy it.

We’re announcing a release of an updated version of Lunascape browser, version 6.1.7., today. It has Gecko engine update to revision 1.9.1.10 with the following 9 security issues fixed according to Mozilla.org. As this includes important security fixes, we highly recommend upgrading your Lunascape browser as soon as you can. [To Update Lunascape]

Critical Impact

• Integer Overflow in XSLT Node Sorting
• Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
• Freed object reuse across plugin instances
• Use-after-free error in nsCycleCollector::MarkRoots()
• Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)
• Re-use of freed object due to scope confusion

Moderate Impact

• Content-Disposition: attachment ignored if Content-Type: multipart also present
• focus() behavior can be used to inject or steal keystrokes

Low Impact

• User tracking across sites using Math.random()

This would be ‘the last’ minor update on version 6.1.x. series.

With Lunascape 6.2, we’re going to change the way how we implement the Gecko engine, offering an option for users to install one’s preferred versions of Gecko engine to Lunascape browser. So, stay tuned for our Lunascape 6.2 release announcement!