Monday, March 26, 2018

Mozilla Firefox Version 59.0.2 Released with Security Update


Mozilla sent Firefox Version 59.0.2 to the release channel today.  The update includes one security fix rated high and numerous bug fixes.

ESR has been updated to version 52.7.3.

Security Fixes

Fixed

  • Invalid page rendering with hardware acceleration enabled (Bug 1435472)
  • Windows 7 users with touch screens or certain 3rd party desktop applications which interact with Firefox through accessibility services may experience random browser crashes. Known 3rd party applications with issues: StickyPassword, Windows 7 touch screen. (Bug 1424505)
  • Browser keyboard shortcuts (e.g., copy Ctrl+C) don't work on sites that use those keys with resistFingerprinting enabled (Bug 1433592)
  • High CPU / memory churn caused by third-party software on some computers (Bug 1446280)
  • Users who have configured an "automatic proxy configuration URL" and want to reload their proxy settings from the URL will find the Reload button disabled in the Connection Settings dialog when they select Preferences/Options > Network Proxy > Settings... (Bug 1445991)
  • URL Fragment Identifiers Break Service Worker Responses (Bug 1443850)
  • Users trying to cancel a print around the time it completes will continue to get intermittent crashes (Bug 1441598)
  • Broken getUserMedia (audio) on DragonFly, FreeBSD, NetBSD, OpenBSD. Video chat apps either wouldn't work or be always muted (Bug 1444074)

Update:
To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, March 22, 2018

Pale Moon Version 27.8.2 Released with Security Updates


Pale Moon has been updated to version 27.8.2.  This is a security update which includes DiD* fixes.  Details from the Release Notes:

Changes/fixes:
  • Privacy fix: prevented update checks for the default theme.
  • Added a user-agent override for Dropbox to improve compatibility with their service.
  • Fixed an issue with mouseover handling related to (CVE-2018-5103). DiD
  • Disabled the Mac OSX Nano allocator. DiD
  • Fixed (CVE-2018-5129) OOB Write.
  • Updated the lz4 library to 1.8.0 to solve potential issues. DiD
  • Fixed (CVE-2018-5137) Path traversal on chrome:// URLs
  • Fixed several memory safety and synchronicity hazards.
*DiD: This means that the fix is "Defense-in-Depth": it is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
       Minimum system Requirements (Windows):
      • Windows Vista/Windows 7/8/10/Server 2008 or later
      • Windows Platform Update (Vista/7) strongly recommended
      • A processor with SSE2 instruction support
      • 256 MB of free RAM (512 MB or more recommended)
      • At least 150 MB of free (uncompressed) disk space
      Pale Moon includes both 32- and 64-bit versions for Windows:

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.






      Friday, March 16, 2018

      Mozilla Firefox Version 59.0.1 Released with Critical Security Update


      Mozilla sent Firefox Version 59.0.1 to the release channel today.  The update addresses a critical security vulnerability uncovered by Richard Zhu via Trend Micro's Zero Day Initiative, Pwn2Own 2018.

      ESR has been updated to version 52.7.2.

      Security Fixes

      Unresolved


      Update:
      To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


      Tuesday, March 13, 2018

      Microsoft March 2018 Security Updates



      The March security release consists of 75 CVEs, of which 14 are listed as Critical, and 61 are rated Important in severity. Two are listed as being publicly known but none are listed as being under active attack.  In particular, note CVE-2018-0886, CVE-2018-0940 and CVE-2018-0868 discussed in this month's Zero Day Initiative — The March 2018 Security Update Review by Dustin Childs.

      The updates address Remote Code Execution, Elevation of Privilege, Denial of Service, Information Disclosure and Security Feature Bypass.

      The release consists of security updates for the following software:

      • Internet Explorer
      • Microsoft Edge
      • Microsoft Windows
      • Microsoft Office and Microsoft Office Services and Web Apps
      • Microsoft Exchange Server
      • ASP.NET Core
      • .NET Core
      • PowerShell Core
      • ChakraCore
      • Adobe Flash
      Known Issues: 4088787, 4088782, 4088776, 4088786, 4088779, 4088876, 4088879, 4088875 and 4088878.

      More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

      Additional Update Notes

      • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
      • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending the /N parameter (for "detect only" mode).
      • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.






      Mozilla Firefox Version 59 Released


      Mozilla sent Firefox Version 59.0 to the release channel today.  The update addresses a number of bugs as well as security fixes for both Firefox and Firefox ESR.

      ESR has been updated to version 52.7.0.

      Security Fixes


       New
      • Performance enhancements:
        - Faster load times for content on the Firefox Home page
        - Faster page load times by loading either from the networked cache or the cache on the user’s hard drive (Race Cache With Network)
        - Improved graphics rendering using Off-Main-Thread Painting (OMTP) for Mac users (OMTP for Windows and Linux was released in Firefox 58)
      • Drag-and-drop to rearrange Top Sites on the Firefox Home page, and customize new windows and tabs in other ways
      • Added features for Firefox Screenshots:
        - Basic annotation lets the user draw on and highlight saved screenshots
        - Recropping to change the viewable area of saved screenshots
      • Enhanced WebExtensions API including better support for decentralized protocols and the ability to dynamically register content scripts
      • Improved Real-Time Communications (RTC) capabilities.
        - Implemented RTP Transceiver to give pages more fine grained control over calls
        - Implemented features to support large scale conferences
      • Added support for W3C specs for pointer events and improved platform integration with added device support for mouse, pen, and touch screen pointer input
      • Added the Ecosia search engine as an option for German Firefox
      • Added the Qwant search engine as an option for French Firefox
      • Added settings in about:preferences to stop websites from asking to send notifications or access your device’s camera, microphone, and location, while still allowing trusted websites to use these features

      Fixed

      Changed

      • Firefox Private Browsing Mode will remove path information from referrers to prevent cross-site tracking

      Unresolved

      Update:
      To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


      Adobe Flash Player Critical Security Update


      Adobe has released Version 29.0.0.113 of Adobe Flash Player.  These updates address critical vulnerabilities that could lead to remote code execution affecting version 28.0.0.161 and earlier.  Successful exploitation could potentially allow an attacker to take control of the affected system.  The update addresses CVE-2018-4919 and CVE-2018-4920, both critical vulnerabilities.

      Release date:  March 13, 2018
      Vulnerability identifier: APSB18-05
      Platform:  Windows, Macintosh, Linux and Chrome OS

      Update:

      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










        Tuesday, March 06, 2018

        Update: Pale Moon Version 27.8.1 Released


        Update:  Pale Moon has been updated to version 27.8.1 to address some breaking issues.
         
        Changes/fixes:

        • Backed out the NSPR/NSS update from 27.8.0 for causing crashes, general operational instability and handshake issues.
        • Disabled TLS 1.3 draft support by default, because with the NSS backout we only support an older draft right now that is no longer current and may cause connectivity issues. You can manually re-enable it at your own risk in about:config by setting security.tls.version.max to 4.


        Pale Moon has been updated to Version 27.8.0. This is a development update with new and improved features and bugfixes.

        Linux versions will follow shortly.  Details from the Release Notes:

        Changes/fixes:
        • Added support for emojis on Windows systems that have relatively poor support for them with standard font sets by including our own font (EmojiOne based for now).
        • Added a setting in preferences to select the use of tab previews with Ctrl+Tab.
        • Added Eyedropper menu entry to the AppMenu.
        • Added a preference to control whether the text cursor (caret) should be thicker when dealing with CJK characters or not (default = yes).
        • Added URL fix-ups for schemes (mis-typed "ttp://" etc.).
        • Added support for ES6 "Symbol species".
        • Updated our TLS 1.3 support to the latest (probably final) draft.
        • Fixed gap inconsistency in the tabstrip.
        • Fixed a number of browser crashes.
        • Fixed a crash with the exponentiation operator "**"
        • Set the performance timer granularity to 1 ms.
        • Updated the kiss-fft library to our forked 1.4.0 version.
        • Disabled a potentially problematic optimization on Win 8+ with high contrast themes in use.
        • Removed the notification bar when in full screen to prevent unwanted visible screen elements.
        • Removed unmaintained and insecure WebRTC code - building with WebRTC enabled is no longer an option.
        • Removed redundant checks for "Vista or later" since that is all we support.
        • Added display of the http status to raw request displays.
        • Added a workaround for cloned videos not retaining their muted state.
        • Added a temporary workaround to avoid crashes on trackless media.
        • Removed some superfluous ellipses from menu labels.
        • Fixed undesired shrinking of line heights as a result of setting minimum font size in preferences.
        • Fixed some issues with setting the new tab preference (regression).

             Minimum system Requirements (Windows):
            • Windows Vista/Windows 7/8/10/Server 2008 or later
            • Windows Platform Update (Vista/7) strongly recommended
            • A processor with SSE2 instruction support
            • 256 MB of free RAM (512 MB or more recommended)
            • At least 150 MB of free (uncompressed) disk space
            Pale Moon includes both 32- and 64-bit versions for Windows:

            Update

            To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.



