Security Garden

Thursday, October 01, 2015

October -- Cyber Security Awareness Month

Each year additional organizations join in the effort to spread information on cyber security awareness.

The 2015 Cyber Security Awareness Month marks the fifth anniversary of the campaign Stop | Think | Connect.

With that in mind, consider the following suggestions not only during Cyber Security Awareness month but every day:

Stop:  Before you click that formatted link in your email, search results or social media account, mouse over the link to ensure the URL matches the description.

Think:  Whether it is email, Facebook, Twitter, an online forum or other online media, instead of spouting off the first reply that comes to mind when you disagree, think before you click the send button.  Remember that your online reputation can follow you in "real life".

Connect:  When you connect to the Internet, ensure your device software as well as any apps or third-party software are up to date.
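The "Stop" check above can also be done mechanically. The following is an added example, not code from this blog: it flags links whose visible text names one host while the href points to another. The names findMismatchedLinks, hostOf and SAMPLE_HTML are hypothetical, and the sample message is constructed.

```javascript
// Added example: flag links whose visible text names a different host than the href.
// SAMPLE_HTML is a constructed message body; all hosts are reserved example names.
const SAMPLE_HTML = `
<p>Your statement is ready: <a href="https://login.example-bank.test.evil.example/session">https://www.example-bank.test/login</a></p>
<p>Read our <a href="https://www.example-bank.test/privacy">privacy policy</a>.</p>
<p>Track it at <a href="http://203.0.113.7/track?id=1">www.parcel.example</a></p>
<p><a href="https://news.example.org/story">news.example.org/story</a></p>
`;

// Return the hostname a piece of link text points at, or null if it is not URL-like.
function hostOf(text) {
  const t = text.trim();
  // Treat text as a URL only if it looks like [scheme://]host.tld[/path].
  if (!/^(https?:\/\/)?[a-z0-9.-]+\.[a-z]{2,}([/:?#]\S*)?$/i.test(t)) return null;
  try {
    return new URL(/^https?:\/\//i.test(t) ? t : `http://${t}`).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// Compare the host shown to the reader with the host the link really opens.
// The comparison is exact, so "www.site" versus "site" is also reported for review.
function findMismatchedLinks(html) {
  const findings = [];
  const anchor = /<a\s[^>]*href\s*=\s*"([^"]*)"[^>]*>([\s\S]*?)<\/a>/gi;
  for (const [, href, inner] of html.matchAll(anchor)) {
    const shown = inner.replace(/<[^>]*>/g, "").trim(); // strip nested tags
    const shownHost = hostOf(shown);
    if (shownHost === null) continue; // descriptive text: nothing to compare
    let targetHost;
    try {
      targetHost = new URL(href).hostname.toLowerCase();
    } catch {
      continue; // relative or malformed href: no host to compare
    }
    if (shownHost !== targetHost) findings.push({ shown, shownHost, targetHost });
  }
  return findings;
}

console.log(findMismatchedLinks(SAMPLE_HTML));
```

Links with descriptive text such as "privacy policy" are skipped because there is no displayed URL to compare; those still need the mouse-over check.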

Cyber Security Awareness Month Resources

The United States isn't the only country supporting cyber security awareness.  Canada and the European Union are also involved in promoting cyber security awareness month.  Visit their sites along with the others listed.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, September 30, 2015

Firefox Version 41.0.1 Released with Fixes

Mozilla sent Firefox Version 41.0.1 to the release channel to add a number of bug fixes.  No security updates are included.

There were no changes to Firefox ESR which remains at version 38.3.0.

What’s New

  • Fixed -- Startup crash in mozilla::layers::CompositorD3D11::GetTextureFactoryIdentifier()
  • Fixed -- Changing properties of a new bookmark while adding it acts on the last bookmark in the current container
  • Fixed -- Firefox hangs with flash plugins
  • Fixed -- Startup crash in nsStyleSet::GatherRuleProcessors(nsStyleSet::sheetType) possibly related to Yandex toolbar and Adblock Plus
  • Fixed -- Crash in mozilla::gl::GLBlitHelper::BlitImageToTexture


To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.



Monday, September 28, 2015

Pale Moon Version 25.7.1 Released with Security Updates

Pale Moon has been updated to version 25.7.1.  This update includes critical security updates as well as stability and web-compatibility updates.

Security updates have also been made in the Android version of Pale Moon in order to keep users of the otherwise currently unmaintained OS updated regarding known security vulnerabilities.

Included in the security updates is an update described as "DiD" (Defense-in-Depth).  This fix does not apply to an actively exploitable vulnerability in Pale Moon.  Rather, it is a preventative measure against future vulnerabilities that the same code could cause when surrounding code changes.

Security fixes:
  • Changed the jemalloc poison address to something that is not a NOP-slide. DiD
  • Fixed a memory safety hazard in ConvertDialogOptions (CVE-2015-4521)
  • Fixed a buffer overflow/crash hazard in the VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE (CVE-2015-7179)
  • Fixed an overflow/crash hazard in the XULContentSinkImpl::AddText function (CVE-2015-7175)
  • Fixed a stack buffer overread hazard in the ICC v4 profile parser (CVE-2015-4504)
  • Fixed an HTMLVideoElement Use-After-Free Remote Code Execution 0-day vulnerability (ZDI-CAN-3176) (CVE-2015-4509)
  • Fixed a potentially exploitable crash in nsXBLService::GetBinding
  • Fixed a memory safety hazard in nsAttrAndChildArray::GrowBy (CVE-2015-7174)
  • Fixed a memory safety hazard for callers of nsUnicodeToUTF8::GetMaxLength (CVE-2015-4522)
  • Fixed a heap buffer overflow/crash hazard caused by invalid WebM headers (CVE-2015-4511)

A complete list of the fixes, changes and additions is available in the Release Notes.  Of note is additional code cleanup:
  • Removed the majority of remaining telemetry code (including the data reporting back-end and health report) to prevent a few issues with partially removed code in earlier versions.

Minimum System Requirements (Windows):
  • Windows Vista/Windows 7/Windows 8/Server 2008 or later
  • A processor with SSE2 support
  • 256 MB of free RAM (512 MB or more recommended)
  • At least 150 MB of free (uncompressed) disk space
Pale Moon includes both 32- and 64-bit versions for Windows.


To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.
