Tuesday, February 20, 2024

Mozilla Firefox Version 123.0 Released with Security Updates

  FirefoxMozilla sent Firefox Version 123.0 to the release channel.  Firefox ESR was updated to Version 115.7.

The update includes twelve security updates of which four (4) are rated high, six (6) are rated moderate, and two (2) are rated low.

High

#

#CVE-2024-1546: Out-of-bounds memory read in networking channels
#CVE-2024-1547: Alert dialog could have been spoofed on another site
#CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
#CVE-2024-1557: Memory safety bugs fixed in Firefox 123



Moderate

#CVE-2024-1554: fetch could be used to effect cache poisoning
#CVE-2024-1548: Fullscreen Notification could have been hidden by select element
#CVE-2024-1549: Custom cursor could obscure the permission dialog
#CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
#CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts
#CVE-2024-1555: SameSite cookies were not properly respected when opening a website from an external browser


Low

#CVE-2024-1556: Invalid memory access in the built-in profiler
#CVE-2024-1552: Incorrect code generation on 32-bit ARM devices


New

  • We’ve integrated search into Firefox View. You can now search through all of the tabs on each of the section subpages - Recent Browsing, Open Tabs, Recently Closed Tabs, Tabs from other devices, or History.

  • Having any issues with a website on Firefox, yet the site seems to be working as expected on another browser? You can now let us know via the Web Compatibility Reporting Tool! By filing a web compatibility issue, you’re directly helping us detect, target, and fix the most impacted sites to make your browsing experience on Firefox smoother.

Fixed

  • When translating web pages, we are now also translating text in tooltips (i.e. titles) and text displayed in form controls (i.e. placeholder).

  • Various security fixes.

Changed

  • Address bar settings can now be found in the Firefox Settings' Search section.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, February 13, 2024

Adobe Acrobat/Reader Update with Security Updates

 


Adobe
Adobe released six patches addressing 29 CVEs in Adobe Acrobat and Reader, Commerce, Substance 3D Painter, FrameMaker Publishing Server, Audition, and Substance 3D Designer. Five of the patches are rated critical.  Successful exploitation could lead to arbitrary code execution, application denial-of-service, and memory leak.     

Update or Complete Download

Adobe Acrobat and Reader were updated to version 23.008.20533 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft February 2024 Security Updates

 

The Microsoft February 2024 security updates have been released and consist of 72 new patches. In addition, 6 non-Microsoft Chromium updates are included, bringing the total number of CVEs to 78.


Of the CVEs released, 5 are rated critical, 65 are rated important, and 2 are rated moderate in security. At the time of release, one of the CVEs is listed as being under active attack.

The security updates apply to the following products, features and roles: Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and ASP.NET; SQL Server; Windows Hyper-V; and Microsoft Dynamics.

See the list of KBs at the bottom of the page at February 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, versions 23H2 and 22H2, see KB5034765.  For Windows 10, Version 22H2 see KB5034763.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The February 2023 Security Update Review.

IMPORTANT: 

  • After February 2024, there are no more optional, non-security preview releases for Windows 11, version 22H2. Only cumulative monthly security updates (known as the "B" or Update Tuesday release) will continue for this version. Windows 11, version 23H2 and Windows 10, version 22H2 will continue to receive security and optional releases.

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...