Wednesday, January 15, 2025

Pale Moon Verson 33.5.1 Released with Security Updates

 Pale MoonPale Moon has been updated to version 33.5.1.  This is a small bugfix and security update.

Changes/fixes:

  • Changed the way cookies are handled internally to fix an issue with cookie database corruption as a result of updates to domain suffixes.
  • Fixed an issue with Alternative-Services protocol negotiation.
  • Fixed a potential crash scenario with Structured Clone operations. *DiD
  • Fixed a potential issue with line breaking if out of memory.
  • Fixed a rare crash with opportunistic encryption.
  • Minor code cleanup.
  • Security issues addressed: CVE-2025-0239 and CVE-2025-0238.

    Notes:  *DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

    Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

    Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

    Release Notes
    Release Cycle

    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Posted by No comments:
    Labels: , , ,

    Tuesday, January 14, 2025

    Microsoft January 2025 Security Updates

     

    The Microsoft January 2025 security updates have been released and consist of 159 new patches to Microsoft products plus third-party CVE's making the total 161.


    Of the Microsoft CVEs released, 11 are rated critical and 148 are rated moderate in security. At the time of release, five are listed as being publicly known and three under active attack.

    The security updates apply to the following products, features and roles: Windows and Windows Components, Office and Office Components, Hyper-V, SharePoint Server, .NET and Visual Studio, Azure, BitLocker, Remote Desktop Services, and the Windows Virtual Trusted Platform Module.

    See the list of KBs at the bottom of the page at January 2025 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

    Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The January 2025 Security Update Review.

    Additional Update Notes:

     

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...
    Posted by No comments:
    Labels: , , ,

    Mozilla Firefox Version 134.0.1 Released with Updates

      Mozilla sent Firefox Version 134.0.1 to the Release Channel.

    Fixed

    • Fixed UI hangs happening on YouTube and Google Docs in some situations (Bug 1939295).
    • Fixed a startup crash affecting some users upgrading from Firefox 133 (Bug 1941134).
    • Fixed an issue where search engines selection menus and context menus could be broken if a user had previously reverted to an earlier version (Bug 1940533).

    Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

    Release Notes


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...
    Posted by No comments:
    Labels: , ,
    Subscribe to: Posts (Atom)