Tuesday, January 07, 2025

Mozilla Firefox Version 134.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 134.0 to the release channel.  Firefox ESR was updated to Version 128.6.0.  

The update includes eleven security updates of which three (3) are rated high and eight (8) are rated moderate.

High

#

##

CVE-2025-0244: Address bar spoofing using an invalid protocol scheme on Firefox for Android

###

CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6

#

CVE-2024-11691: Memory corruption in Apple GPU drivers

Moderate

####

#CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android

#CVE-2025-0246: Address bar spoofing using an invalid protocol scheme on Firefox for Android

#CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack

#CVE-2025-0238: Use-after-free when breaking lines in text

#CVE-2025-0239: Alt-Svc ALPN validation failure when redirected

#CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module

#CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation

#CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6

New

  • Firefox now supports touchpad hold gestures on Linux. This means that kinetic (momentum) scrolling can now be interrupted by placing two fingers on the touchpad.

  • Hardware-accelerated playback of HEVC video content is now supported on Windows.

  • Ecosia's availability has been expanded to all languages in the German region along with Austria, Belgium, Italy, Netherlands, Spain, Sweden and Switzerland.

Changed

  • Firefox now follows the model HTML specification for transient user activation more closely. This change makes popup blocking less strict in cases where previous versions of Firefox were overly aggressive, reducing erroneous blocking prompts.

  • A refreshed New Tab layout is being rolled out to users in the US and Canada, featuring a repositioned logo and weather widget to prioritize Web Search, Shortcuts, and Recommended Stories at the top. The update includes changes to the card UI for recommended stories and allows users with larger screens to see up to four columns, making better use of space.  Currently available in: Canada, United States


Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted by No comments:
Labels: , , , ,

Tuesday, December 10, 2024

Adobe Acrobat/Reader Update with Security Updates

 

Adobe
Adobe is releasing an update with bug fixes and new features for end users described in the New features summary as well as security updates for Acrobat and Reader. 

The security updates provide mitigations for vulnerabilities described in the security bulletins of Reader and Acrobat.

Update or Complete Download

Adobe Acrobat and Reader are being updated to version 24.005.20320.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted by  
Posted by No comments:
Labels: , , , ,

Microsoft December 2024 Security Updates

 

The Microsoft December 2024 security updates have been released and consist of 71 new patches to Microsoft products.


Of the Microsoft CVEs released, 16 are rated critical, 54 important, and 1 moderate in security. At the time of release, one is listed as being publicly known and as being exploited.

The security updates apply to the following products, features and roles: Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager.

See the list of KBs at the bottom of the page at December 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The December 2024 Security Update Review.

Due to the holiday schedule, there will be no December 2024 non-security preview update.

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted by No comments:
Labels: , , ,
Subscribe to: Posts (Atom)