Thursday, December 28, 2017

Mozilla Firefox Version 57.0.3 Released


FirefoxMozilla sent yet another update for Firefox Version 57 to the release channel, Version 57.0.3.  Firefox ESR was updated to version 52.5.3.

Fixed

  • Fix a crash reporting issue that inadvertently sends background tab crash reports to Mozilla without user opt-in (bug 1427111)
No mention in the release notes of Catalin Cimpanu's Tweet that [url=https://twitter.com/campuscodi/status/945859281504501761]"lol, Firefox had a tag... they removed it now"[/url].

      Update:

      To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Sunday, December 24, 2017

      Merry Christmas, Khristos Razhdayetsya

      The "Carol of the Bells" (Shchedryk) is one of my favorite Christmas songs.  Many people are unaware of its true origin.  From The Unknown Ukrainian Carol that everyone knows:
      "There’s a Ukrainian folksong that you know. Except that you don’t know that it’s Ukrainian, and a folksong. The enchanting music that from the pen of Peter J. Wilhousky became known to the world as “Carol of the Bells” was composed by Ukrainian composer Mykola Leontovych in 1904 based on a Ukrainian folk song. Peter J. Wilhousky made his arrangement following a performance of the original song by Alexander Koshetz’s Ukrainian National Chorus at Carnegie Hall on October 5, 1921."  
      A number of years ago I created the video below with the Windows Movie Maker, a part of the Windows Essentials 2012 suite which, sadly for many, reached end of support on January 10, 2017.  The video includes examples of some of the traditional foods that are part of the Ukrainian Christmas Eve celebration. 




      Merry Christmas to all my family, friends and Security Garden readers.

      Sending warmest wishes to you and your family. 
      May you enjoy the spirit of Christmas every day of the coming year.

      References:

      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Tuesday, December 12, 2017

      Microsoft Security Updates for December, 2017



      The December security release consists of 32 security updates in which 20 are listed as Critical and 12 are rated Important. The release consists of security updates for the following software: 
      • Internet Explorer
      • Microsoft Edge
      • Microsoft Windows
      • Microsoft Office and Microsoft Services and Web Apps
      • Microsoft Exchange Server
      • ChakraCore
      • Microsoft Malware Protection Engine 
      The updates address Remote Code Execution, Information Disclosure, "Defense in Depth" (Note:  "Defense-in-Depth" is a fix that does not apply to an actively exploitable vulnerability but prevents future vulnerabilities caused by the same code when surrounding code changes expose the problem.), Security Feature Bypass, Spoofing and Denial of Service.

      For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

      Also see this month's Zero Day Initiative — The December 2017 Security Update Review by Dustin Childs in which he discusses several of the patches.

      Additional Update Notes

      • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
      • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
      • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

      References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...





      Adobe Flash Player and AIR Security Update

      Adobe Flashplayer

      Adobe has released Version 28.0.0.126 of Adobe Flash Player and Version 28.0.0.127 of Adobe AIR.  The update addresses CVE-2017-11305, a regression that could lead to the unintended reset of the global settings preference file.

      Release date:  December 12, 2017
      Vulnerability identifier: APSB17-42
      Platform:  Windows, Macintosh, Linux and Chrome OS

      Update:

      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

        References



        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...









        Thursday, December 07, 2017

        Mozilla Firefox Version 57.0.2 Released


        FirefoxMozilla sent yet another update for Firefox Version 57 to the release channel, Version 57.0.2.

        Fixed

        • Block old versions of G Data Endpoint Security for crashing Firefox on start up - Windows only (bug 1421991)
        • Fix a regression with WebGL and D3D9 - Windows only

          Update:

          To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

          References




          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...