Security Garden

Tuesday, January 27, 2015

Pale Moon Minor Update to Version 25.2.1

Tweet This

Pale Moon
Pale Moon version 25.2.1 has been released to address cookie handling through proxies causing issues for some authenticating proxies in corporate environments.

Minimum system Requirements (Windows):
  • Windows Vista/Windows 7/Windows 8/Server 2008 or later
  • A processor with SSE2 support
  • 256 MB of free RAM (512 MB or more recommended)
  • At least 150 MB of free (uncompressed) disk space
Pale Moon includes both 32- and 64-bit versions for Windows:
Other versions:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...







Monday, January 26, 2015

Mozilla Firefox Version 35.0.1 Released

Tweet This


Firefox
Mozilla sent Firefox Version 35.0.1 incorporating bug fixes to the release channel. 

What’s New

  • Fixed 35.0.1 - With the Enhanced Steam extension, Firefox could crash (1123732)
  • Fixed 35.0.1 - Fix a potential startup crash (1122367)
  • Fixed 35.0.1 - Kerberos authentication did not work with alias (1108971)
  • Fixed 35.0.1 - SVG / CSS animation had a regression causing rendering issues on websites like openstreemap.org (1083079)
  • Fixed 35.0.1 - On Godaddy webmail, Firefox could crash (1113121)
  • Fixed 35.0.1 - document.baseURI did not get updated to document.location after base tag was removed from DOM for site with a CSP (1121857)
  • Fixed 35.0.1 - With a Right-to-left (RTL) version of Firefox, the text selection could be broken (1104036)
  • Fixed 35.0.1 - CSP had a change in behavior with regard to case sensitivity resources loading (1122445)



Known Issues

  • unresolved -- Sometimes images don't display when hovered over (see bug 1083113)-- marked Resolved/Won't Fix.
  • unresolved -- WebGL games might not display some textures (see bug 1113633) -- scheduled for version 36.
  • unresolved -- Issues affecting RTL in Hello can be found here
  • unresolved -- Crashes with "Enhanced Steam" extension enabled on Steam websites (see bug 1117873

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...








Saturday, January 24, 2015

Second Out-of-Band Adobe Flash Player Update

Tweet This

Adobe Flashplayer

Although not expected until next week, Adobe has released the update addressing a Zero-Day being distributed through the Angler Exploit Kit in Adobe Flash Player.  The vulnerability was discovered by security researcher Kafeine (See Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK | Malware don't need Coffee) and applies to Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.438 and earlier versions for Linux.

Although the update has been released early, it is only available 
for those who have Flash Player set to auto-update.  The direct download links are not expected to be available until next week. 



To set Flash Player to auto-update, do the following:
  • Windows: click Start > Settings > Control Panel > Flash Player
  • Macintosh: System Preferences (under Other) click Flash Player
  • Linux Gnome: System > Preferences > Adobe Flash Player
  • Linux KDE: System Settings > Adobe Flash Player

Edit Note:  (1/25/2015) The direct download links are now available.  See below.

Adobe is working with Google Chrome and Microsoft to provide the update for Chrome and Internet Explorer on Windows 8.x and Windows 10 Technical Preview. 

Update Information:

Release date: January 22, 2015
Last updated: January 24, 2015
Vulnerability identifier: APSA15-01
CVE number: CVE-2015-0311
Platform: All Platforms

The direct download links:
Verify Installation:

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

References






Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...