Thursday, January 18, 2018

Pale Moon Version 27.7.1 Emergency Release


Pale Moon
Pale Moon has been updated to Version 27.7.1. This is a small emergency update to Pale Moon 27.7.0 to address website breakages as a result of an incomplete addition of a new feature in JavaScript. This also addresses too thick tab borders in some situations on Windows.

Linux versions will follow shortly. Details from the Release Notes:

Changes/fixes:
  • Added support for Array.prototype[@@unscopables].
    Unfortunately, the addition of Javascript's ES6 Unscopables in 27.7.0 was incomplete, which caused a number of websites (e.g. Chase on-line banking, some Russian government sites) to display blank or not complete loading after updating to that version of the browser. This update should fix the problem by adding the missing part of the feature.
  • Fixed an issue with the default theme causing tab borders to be drawn too thick at higher settings for visual element scaling (125%/150%) in Windows.
     Minimum system Requirements (Windows):
    • Windows Vista/Windows 7/8/10/Server 2008 or later
    • Windows Platform Update (Vista/7) strongly recommended
    • A processor with SSE2 instruction support
    • 256 MB of free RAM (512 MB or more recommended)
    • At least 150 MB of free (uncompressed) disk space
    Pale Moon includes both 32- and 64-bit versions for Windows:

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Wednesday, January 17, 2018

    Oracle Java SE Critical Security Update

    java

    Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  The update contains 21 new security fixes for multiple versions of Java SE, 18 of which are remotely exploitable without authentication.  The update also includes numerous bug fixes.

    Update

    If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

    Download Information

    Java SE 8u161/8u162
    Java™ SE Development Kit 8, Update 161 Release Notes
    Java™ SE Development Kit 8, Update 162 Release Notes
    Java SE Runtime Environment 8 - Downloads

    Java SE 9.0.4  (x64-bit only)
    Java™ SE Development Kit 9.0.4 Release Notes
    Java SE Runtime Environment 9 - Downloads
    Notes:
    • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
    • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
    • Verify your versionhttp://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version

    Critical Patch Updates

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
    • 17 April 2018
    • 17 July 2018
    • 16 October 2018
    • 15 January 2019

    Unwanted "Extras"

    Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and  unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, tha does not preclude the pre-checked option for some other unnecessary add-on.

    Do the following to suppress the sponsor offers:
    1. Launch the Windows Start menu
    2. Click on Programs
    3. Find the Java program listing
    4. Click Configure Java to launch the Java Control Panel
    5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
    6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
    Java suppress sponsor offers

    Java Security Recommendations

    1)  In the Java Control Panel, at minimum, set the security to high.
    2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

    3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...




    Monday, January 15, 2018

    Pale Moon Version 27.7.0 Released with Security Updates


    Pale Moon
    Pale Moon has been updated to Version 27.7.0. This is a stability and bugfix release, as well as adding a number of new features to further improve web compatibility.  Details from the Release Notes:

    Security/privacy fixes:

    • Disabled automatic filling in of log-in details by default to prevent potential risks of credentials being abused (e.g. for tracking) or stolen.
    • Added a preference (in the category security) to easily enable or disable automatic filling in of log-in data.
    • Removed the sending of referrers when opening a link in a new private window.
    • Added an option to disable the page visibility Web API (dom.visibilityAPI.enabled), allowing users to prevent pages from knowing whether they are being actively displayed to the user or not.
    • Removed the "ask every time" policy for cookies. For granular control, please use any of the excellent available extensions to regulate cookie use on a per-site or per-url basis.
    • Added support for X-Content-Type-Options: nosniff (for scripts).
    • Changed the resolution of performance timers to a level where any future potential abuse for hardware-timing attacks becomes impractical. DiD
    DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
    Changes/fixes:
    • Reorganized access to preferences (moved to the Tools menu on Linux, and renamed from "Options" to "Preferences" on Windows).
    • Renamed "Restart with add-ons disabled" to "Restart in Safe Mode" to better reflect what it does.
    • Worked around an issue with some improperly-encoded PNG files not decoding after our libpng update.
    • Fixed an issue on Mac builds not properly populating the application menu.
    • Added "My home page" as an option for new tabs.
    • Added an option to disable the 4th and 5th mouse buttons (Windows).
      (mouse.button4.enabled and mouse.button5.enabled, respectively)
    • Improved the resetting of non-default profiles.
    • Fixed an issue with details/summary having the incorrect height if floated, breaking layouts.
    • Made several more improvements to the details/summary tags to align them with the current spec and fix some additional bugs.
    • Implemented support for flex/columnset contents inside buttons to align its behavior with other browsers.
      (this should fix layout issues with Twitch's new web interface)
    • Fixed an issue where CSS clone operations would draw a border.
    • Changed the way fractional border widths are rounded to provide more natural behavior.
    • Fixed an issue where number inputs would incorrectly be flagged as read-only.
    • Added assets for tile display in the Windows start panel.
    • Finished sync infra swapover by adding a one-time pref migration for server used.
    • Improved WebAudio API: Return the connected audio node from AudioNode.connect()
    • Added support for a default playback start position in media elements.
    • Fixed an assert in cubeb-alsa code (Linux).
    • Added support for media cue-change events (e.g. subtitles).
    • Updated SQLite to 3.21.0.
    • Fixed a crash when trying to use the platform embedded.
    • Fixed devtools (gcli) screenshots on vertical-text pages.
    • Fixed devtools copy as cURL for POST requests.
    • Improved the HTML editor component (several bugfixes).
    • Added support for ES7's exponentiation a ** b operator.
    • Fixed an issue with arrow functions incorrectly creating an 'arguments' binding.
    • Added Javascript's ES6 "unscopables".
     Minimum system Requirements (Windows):
    • Windows Vista/Windows 7/8/10/Server 2008 or later
    • Windows Platform Update (Vista/7) strongly recommended
    • A processor with SSE2 instruction support
    • 256 MB of free RAM (512 MB or more recommended)
    • At least 150 MB of free (uncompressed) disk space
    Pale Moon includes both 32- and 64-bit versions for Windows:

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...