Mozilla Firefox Version 68.0.2 Released with Security Update

Mozilla sent Firefox Version 68.0.2 to the release channel today. The update included one (1) security update, rated moderate.

As of the last check, no update is available for ESR.

Moderate

• #CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry

Fixed

• Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228)
  
• Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942)
  
• Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105)
  
• Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542)
  
• Fixed an error when starting external applications configured as URI handlers (bug 1567614)
  

Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Common questions after updating Firefox
• Security Updates
• Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Flash Player Update

Adobe has released Version 32.0.0.238 of Adobe Flash Player for Windows 7 and earlier, macOS, Linux and Chrome OS. The update addresses bug fixes described in the Release Notes as "Assorted functional fixes".

Note that because this is not a security update, Microsoft has not released updates to Adobe Flash Player for Microsoft Edge and Internet Explorer on 8.1/10.  The Flash Player for those browsers remains at Version 32.0.0.207, which was the security update released in June by Adobe.

Release date:  August 13, 2019
Vulnerability identifier: None
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

• With the option to 'Allow Adobe to install updates', the update will be automatic. Without that setting enabled, either install the update via the update mechanism when prompted or via the Download Center*.
• Windows 7 and earlier:  Installation links for Windows 7 and earlier are provided by Adobe at Installation problems | Flash Player | Windows 7 and earlier: 
• Flash Player for Internet Explorer - ActiveX 
• Flash Player for Firefox/Pale Moon - NPAPI
• Flash Player for Opera and Chromium-based browsers - PPAPI
• Uninstaller (if needed) : http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe 
• Microsoft Edge and Internet Explorer 11:  Security updates for Adobe Flash Player are automatically updated to the latest version for Windows 8.1 and 10 via Windows Update.
• Google Chrome:  Adobe Flash Player will be automatically updated to the latest Google Chrome version.
• Flash Player Uninstaller:  http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe
• Adobe AIR:  Adobe - Adobe AIR

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

References

• Adobe Priority Ratings
• AIR Download Center 
• Installing and Updating Flash Player - FAQ
• Release Notes
• Security Bulletin
• PSIRT

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft August 2019 Security Updates

The August security updates have been released and consist of 93 CVEs and 2 advisories. Of these 93 CVEs, 29 are rated Critical, and 64 are rated Important in severity. None are listed as publicly known or as under active attack at the time of release but multiple bugs this month fall into the wormable category.

The updates address Information Disclosure, Elevation of Privilege, Remote Code Execution, Denial of Service, Security Feature Bypass, Tampering and Spoofing. They apply to the following:  Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio, Online Services, Active Directory, Microsoft Dynamics.

Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:

KB Article	Applies To
4511553	Windows 10, version 1809, Windows Server 2019
4511872	Internet Explorer
4512476	Windows Server 2008 SP2 (Monthly Rollup)
4512482	Windows Server 2012 (Security-only update)
4512486	Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
4512488	Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4512489	Windows 8.1, Windows Server 2012 R2 (Security-only update)
4512491	Windows Server 2008 SP2 (Security-only Update)
4512497	Windows 10
4512501	Windows 10, version 1803, Windows Server version 1803
4512506	Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4512507	Windows 10, version 1703
4512508	Windows 10, version 1903, Windows Server version 1903
4512516	Windows 10, version 1709
4512517	Windows 10, version 1607, Windows Server 2016
4512518	Windows Server 2012 (Monthly Rollup)

Recommended Reading:  

See Dustin Childs review and analysis in Zero Day Initiative — The August 2019 Security Update Review.

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

Additional Update Notes:

• Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
• MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
• Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Windows Update History:
  • Windows 10
  • Windows 8.1
  • Windows 7

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...