Mozilla Firefox Version 138.0.4 with Critical Security Updates

    Mozilla sent Firefox Version 138.0.4 to the Release Channel with two critical security updates.

Fixed

• #CVE-2025-4920: Out-of-bounds access when resolving Promise objects
• #CVE-2025-4921: Out-of-bounds access when optimizing linear sums

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft May 2025 Security Updates

 

The Microsoft May 2025 security updates have been released and consist of 75 new CVEs to Microsoft products. The additional third-party CVEs bring the combined total to 134 CVEs and 9 non-Microsoft CVEs.

Of the Microsoft CVEs released, 12 are rated critical and the rest are rated important in security. At the time of release, two are listed as being publicly known and five under active attack.

The security updates apply to the following products, features and roles: Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Nuance PowerScribe, Remote Desktop Gateway Service, and Microsoft Defender.

See the list of KBs at the bottom of the page at May 2025 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The May 2025 Security Update Review.

Additional Update Notes:

• Windows 10 End of Support -- On October 14, 2025, Windows 10 will reach end of support. See the Windows 10 blog for How to prepare for Windows 10 end of support by moving to Windows 11 today.
• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro and Windows 11 Home and Pro.
• Windows Update History:  Windows 11

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 138.0.3 Released with Updates

   Mozilla sent Firefox Version 138.0.3 to the Release Channel.

Fixed

• Fixed a crash that could occur when viewing websites that use WebGL. (Bug 1961191)
• Fixed an issue where the browser could repeatedly crash when certain SVG effects (like blur or drop shadow) were applied to very small areas. (Bug 1924241)
• On Linux, fixed an issue where video playback would appear washed-out on Wayland when HDR support was unavailable. (Bug 1961610)
• Fixed an issue where the "Match Case" shortcut Alt+C in the find-in-page toolbar did not toggle the checkbox as expected. (Bug 1952611)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...