Thursday, August 16, 2018

Pale Moon Version 28.0.0 Released


Pale Moon version 28.0.0 has been released.  This release is a new major milestone in Pale Moon's release history.

From the Release Notes, the most pertinent changes since the release of version 27.0.0:
  • SpiderMonkey update: The JavaScript engine has received a major upgrade and now supports all landmark features from the ECMAScript standards as carried by mainstream browsers. This should put an end to the increasing JavaScript issues we've seen due to web frameworks not being browser-agnostic in that respect, or the browser not supporting what websites expect.
  • Goanna update: The layout and rendering engine (Goanna) has been updated to its 4th generation (version 4.*) which brings with it improved compatibility with "trendy" CSS styling techniques that build on a few very specific features (e.g. CSS Grid). Goanna continues to build on tried-and-tested software fallbacks in case hardware acceleration can't be used, and Linux remote desktop users can continue to leverage xrender for speedy remote screen updates in Pale Moon.
  • DOM enhancements: Enhancements in the Document Object Model provide websites with updated APIs to perform their tasks (e.g. Fetch, WebAnimations, WebCrypto, HTML Input Element Extensions, etc.).
  • Media enhancements: Our media back-end update is, for all intents and purposes, complete. MSE media streaming (for MP4) should be compatible with all major players on the market now. MSE for WebM is still disabled by default due to some compatibility issues that need to be examined, but you may enable this in preferences to e.g. allow 4k video playback on some sites that only offer UHD in WebM format. We now also support playback of FLAC-encoded audio.
  • New: WebGL2 support! Pale Moon now supports the WebGL2 standard for enhanced graphical experiences in 2D and 3D.
  • Devtools have been given a refresh. Just in case you thought they weren't extensive enough yet, some new categories have been added to inspect and manipulate all aspects of web content.
  • Updates to the login manager: Login credentials can now be stored specifically with or without a user name, and selected individually. This is a behavior change from previous versions, and clicking a password field can now pop up a selection list of user names for which passwords are stored (if multiple credentials are saved). Clicking the appropriate login name (or date-stamped version if no name is present) will fill in the accompanying password.
Also note what has not changed:
  • We continue to support NPAPI plugins.
  • We continue to support complete themes as well as lightweight themes.
  • We continue to offer a fully customizable interface like before. Australis (like seen in Basilisk) is not used.
  • We continue to support XUL overlay, bootstrapped and (deprecated) Jetpack extensions (collectively called "legacy extensions" by Mozilla).
         Minimum system Requirements (Windows):
        • Windows 7/8/10/Server 2008 R2 or later
        • A processor with SSE2 instruction support
        • 1 GB of RAM
        • At least 200 MB of free (uncompressed) disk space


          Update

          To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...



          Tuesday, August 14, 2018

          Microsoft Security Bulletin Release for August, 2018



          The August security release consists of 60 CVEs, of which 19 are listed as Critical and 39 are rated Important, 1 is rated as Moderate and 1 is rated as Low in severity.  In particular, note that CVE-2018-8373, Internet Explorer Memory Corruption Vulnerability and CVE-2018-8414, Windows Shell Remote Code Execution Vulnerability are listed as publicly known and exploited.

          The release consists of security updates for the following: Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, Microsoft Exchange Server, Microsoft SQL Server and Visual Studio.

          The updates address Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Information Disclosure, Defense in Depth, Tampering and Spoofing.
            Recommended Reading: 

            See Dustin Childs' excellent review and recommendations in Zero Day Initiative — The August 2018 Security Update Review.


            More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

            Additional Update Notes

            • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
            • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending a /N parameter [for "detect only" mode].






            Adobe Flash Player Security Update Released


            Adobe has released Version 30.0.0.154 of Adobe Flash Player.  The update addresses both security and functional issues.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

            Release date:  August 14, 2018
            Vulnerability identifier: APSB18-25
            Platform:  Windows, Macintosh, Linux and Chrome OS
             

            Vulnerability details

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-12824 |
| Security Feature bypass | Information Disclosure | Important | CVE-2018-12825 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-12826 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-12827 |
| Privilege Escalation | Remote Code Execution | Important | CVE-2018-12828 |

            Update:

            *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

              Verify Installation

              To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

              Do this for each browser installed on your computer.

              To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










              Adobe Acrobat DC and Reader DC Critical Security Updates Released


              Adobe has released security updates for Adobe Reader DC and Adobe Acrobat DC for Windows and Macintosh.  These updates are rated as critical and important.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

              Release date:  August 14, 2018
              Vulnerability identifier: APSB18-29
              Platform: Windows and Macintosh

              Update or Complete Download

              Reader DC and Acrobat DC were updated to version 2018.011.20058. Update checks can be manually activated by choosing Help > Check for Updates. 
              Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.









              Wednesday, August 08, 2018

              Mozilla Firefox Version 61.0.2 Released


              Mozilla sent Firefox Version 61.0.2 to the release channel today.  At the time of this posting, it does not appear that Firefox ESR has been updated or that it includes any security updates.

              New
              • Adds support for automatically restoring your Firefox session after Windows restarts. Currently, this feature is not enabled by default for most users, but will be gradually enabled over the coming weeks.
              Fixed
              • Improved website rendering with the Retained Display List feature enabled (Bug 1474402)
              • Fixed broken DevTools panels with certain extensions installed (Bug 1474379)
              • Fixed a crash for users with some accessibility tools enabled (Bug 1474007)


              Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


              Tuesday, July 24, 2018

              Cumulative Updates Released for Windows 10


              Cumulative updates have been released by Microsoft for Windows 10 April 2018 Update (version 1803), Windows 10 Fall Creators Update (version 1709), and Windows 10 Creators Update (version 1703).

              See the update appropriate for your version of Windows 10 for the Improvements and fixes as well as Known Issues.



              Wednesday, July 18, 2018

              Oracle Java Critical Security Update


              Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  The critical patch update contains 8 new security fixes for Oracle Java SE.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.  

              Update

              If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

              Download Information

              Java SE 8u181
              http://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html
              http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

              Java SE 10.0.2  (x64-bit only)
              http://www.oracle.com/technetwork/java/javase/10-0-2-relnotes-4477557.html
              http://www.oracle.com/technetwork/java/javase/downloads/jre10-downloads-4417026.html
              Notes:
              • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
              • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
              • Verify your version: http://www.java.com/en/download/testjava.jsp.  Note:  The Java version verification page will only work if your browser has NPAPI support.  If it does not, to check the version, open a cmd window and enter the following (note the space following java):  java -version

              Critical Patch Updates

              For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
              • 16 October 2018
              • 15 January 2019
              • 16 April 2019 
              • 16 July 2019

              Unwanted "Extras"

              Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

              Do the following to suppress the sponsor offers:
              1. Launch the Windows Start menu
              2. Click on Programs
              3. Find the Java program listing
              4. Click Configure Java to launch the Java Control Panel
              5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
              6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

              Java Security Recommendations

              1)  In the Java Control Panel, at minimum, set the security to high.
              2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
              3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml





              Tuesday, July 17, 2018

              Windows 10 Cumulative Updates Released


              Microsoft released new cumulative updates for Windows 10 Version 1703 and Version 1803 to introduce a series of quality improvements.  No new operating system features are being introduced in this update. A restart is needed to install the update.

              Version 1803: July 16, 2018—KB4345421 (OS Build 17134.167)
              Version 1703: July 16, 2018—KB4345420 (OS Build 16299.550)





              Pale Moon Version 27.9.4 Released


              Pale Moon has been updated to version 27.9.4. The release includes DiD ("Defense-in-Depth") changes.  This means that a fix does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

              From the Release Notes:

              Changes/fixes:
              • Updated the useragent for addons.mozilla.org to work around their "Only with Firefox" discrimination preventing users from downloading themes, old versions of extensions, and other files with Pale Moon.
              • Restricted web access to the moz-icon:// scheme that could potentially be abused to infringe the user's privacy.
              • Prevented various location-based threats. DiD
              • Fixed a potential vulnerability with plugins being redirected to different origins (CVE-2018-12364).
              • Improved the security check for launching executable files (by association) on Windows from the browser. For users who have (most likely accidentally) granted a system-wide waiver for opening these kinds of files without being prompted, this permission has been reset.
              • Fixed an issue with invalid qcms transforms (CVE-2018-12366).
              • Fixed a buffer overflow using the computed size of canvas elements (CVE-2018-12359).
              • Fixed a use-after-free when using focus() (CVE-2018-12360).
              • Added some sanity checks on nsMozIconURI. DiD
              • Fixed an issue in the case the preferences file in the profile would not be writable (e.g. temporary permission issues due to backup, virus scanning or similar external processes).
                     Minimum system Requirements (Windows):
                    • Windows 7/8/10/Server 2008 or later
                    • A processor with SSE2 instruction support
                    • 256 MB of free RAM (512 MB or more recommended)
                    • At least 150 MB of free (uncompressed) disk space
                    Pale Moon includes both 32- and 64-bit versions for Windows:

                    Update

                    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.






                    Tuesday, July 10, 2018

                    Microsoft Security Bulletin Release for July, 2018



                    The July security release consists of 53 CVEs, of which 18 are listed as Critical and 33 are rated Important, 1 is rated as Moderate and 1 is rated as Low in severity.

                    The updates address Remote Code Execution, Security Feature Bypass, Elevation of Privilege, Denial of Service, Tampering, Information Disclosure, and Spoofing with known issues for 4338825 and 4338818.

                    The release consists of security updates for the following software:  Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, ASP.NET, Microsoft Research JavaScript Cryptography Library, Skype for Business and Microsoft Lync, Visual Studio, Microsoft Wireless Display Adapter V2 Software, PowerShell Editor Services, PowerShell Extension for Visual Studio Code, and Web Customizations for Active Directory Federation Services.


                    Recommended Reading: 

                    Even though on vacation, Dustin Childs dedicated time to provide a closer look at some of the patches for this month in Zero Day Initiative — The July 2018 Security Update Review.  Although he indicated "None of the bugs patched this month are listed as publicly known or under active attack at the time of release," his evaluation is definitely appreciated.

                    More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

                    Additional Update Notes

                    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending a /N parameter [for "detect only" mode].
                    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.






                    Adobe Flash Player Security Update Released


                    Adobe has released Version 30.0.0.134 of Adobe Flash Player.  In addition to functional issues, the update addresses critical vulnerabilities that could lead to remote code execution affecting version 30.0.0.113 and earlier.

                    Release date:  July 10, 2018
                    Vulnerability identifier: APSB18-24
                    Platform:  Windows, Macintosh, Linux and Chrome OS
                     

                    Vulnerability details

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-5008 |
| Type Confusion | Arbitrary Code Execution | Critical | CVE-2018-5007 |

                    Update:

                    *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                      Verify Installation

                      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                      Do this for each browser installed on your computer.

                      To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










                      Adobe Reader and Acrobat Critical Security Updates


                      Adobe has released security updates for Adobe Reader DC and Adobe Acrobat DC for Windows and Macintosh.  These updates are rated as critical and important.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

                      Release date:  July 10, 2018
                      Vulnerability identifier: APSB18-21
                      Platform: Windows and Macintosh

                      Update or Complete Download

                      Reader DC and Acrobat DC were updated to version 2018.011.20055. Update checks can be manually activated by choosing Help > Check for Updates. 
                      Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.









                      Thursday, July 05, 2018

                      Mozilla Firefox Version 61.0.1 Released


                      Mozilla sent Firefox Version 61.0.1 to the release channel today.  It does not appear that Firefox ESR has been updated.

                      Fixes

                      • Fixed broken website loading for Chinese users with accessibility enabled (Bug 1471824)
                      • Fix missing content on the New Tab Page and the Home section of the Preferences page (Bug 1471375)
                      • Fixed loss of bookmarks under rare circumstances when upgrading from Firefox 60 (Bug 1472127)
                      • Improved playback of Twitch 1080p video streams (Bug 1469257)
                      • Web pages no longer lose focus when a browser popup window is opened (Bug 1471415)
                      • Fixed launching of downloads without a file extension on Windows (Bug 1465458)
                      • Re-allowed downloading files from FTP sites via the "Save Link As" option when linked from HTTP pages (Bug 1470295)
                      • Fixed extensions being unable to override the default homepage in certain situations (Bug 1466846)


                      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                      Sunday, July 01, 2018

                      Windows Insider MVP! #WIMVP

                      What a nice way to start the day!



                      Dear Corrine:

                      Congratulations! Thank you for your continued contributions to the Windows community, we are excited to re-award you as a Windows Insider MVP. This award is a token of our appreciation, your leadership and passion help make Windows the best yet. We look forward to our on-going collaboration with you and all of our Windows Insider MVPs as we continue to strengthen the Windows Insider MVP (WI MVP) Program.


                      Tuesday, June 26, 2018

                      Mozilla Firefox Version 61.0 Released with Security Improvements


                      Mozilla sent Firefox Version 61.0 to the release channel today.  The update includes fifteen (15) security fixes, of which four (4) are critical, four (4) are rated High, six (6) are rated Moderate and one (1) is rated Low.

                      In addition, Firefox ESR 52.9.0 has also been released.  This is the last "main" version that will support Windows XP, although some minor builds (52.9.x) may be added through August.

                      Security Fixes

                      New

                      • Enhanced performance:
                        • Faster page rendering with Quantum CSS improvements and the new retained display list feature
                        • Faster switching between tabs on Windows and Linux
                        • WebExtensions now run in their own process on MacOS

                      • Convenient access to more search engines: You can now add search engines to the address bar “Search with” tool from the page action menu when on a webpage that provides an OpenSearch plugin
                      • Share links from Firefox for MacOS more easily: You can now share the URL of an active tab from the page actions menu in the address bar

                      • Improved security:
                        • On-by-default support for the latest draft of the TLS 1.3 specification
                        • Access to FTP subresources inside http(s) pages has been blocked

                      • A more consistent user experience: Improvements for dark theme support across the entire Firefox user interface
                      • More customization for tab management: added support to allow WebExtensions to hide tabs
                      • Improved bookmark syncing

                      Changed

                      • The settings for customizing your homepage and new tab page in Firefox have been added to a new Preferences section that can be accessed from Firefox at about:preferences#home. The settings can also be accessed via the gear icon on the New Tab page.


                      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                      Tuesday, June 12, 2018

                      Microsoft Security Updates for June, 2018



                      The June security release consists of 50 CVEs, of which 11 are listed as Critical and 39 are rated Important.  One is listed as being publicly known at the time of release, and none are listed as under active attack.

                      The updates address Security Feature Bypass, Information Disclosure, Remote Code Execution, Elevation of Privilege and Denial of Service.  The release consists of security updates for the following software:
                      • Internet Explorer
                      • Microsoft Edge
                      • Microsoft Windows
                      • Microsoft Office and Microsoft Office Services and Web Apps
                      • ChakraCore
                      • Adobe Flash Player (although Adobe released Flash Player updates last week)
                      In addition, Microsoft is releasing the following advisory:  Microsoft Security Advisory 4338110, "Guidance to mitigate speculative execution side-channel vulnerabilities".

                      Known Issues: 4284880, 4284819, 4284835, 4284826, 4284867

                      As usual, Dustin Childs has provided a closer look at some of the patches for this month in Zero Day Initiative — The June 2018 Security Update Review.

                      More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

                      Additional Update Notes

                      • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                      • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending a /N parameter [for "detect only" mode].
                      • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.






                      Pale Moon Version 27.9.3 Released with Security Updates


                      Pale Moon
                      Pale Moon has been updated to version 27.9.3.  This is a security update.  From the Release Notes:

                      Changes/fixes:
                      • (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to that report, the libopus maintainers state they don't believe remote code execution was possible, so this was not a critical patch.
                      • Fixed an issue with task counting in JS GC.
                      • Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks to Berk Cem Göksel for reporting).
                      • Portable only: Included the previously omitted registry helper. This may in some cases help with file/type associations.
Minimum System Requirements (Windows):
                          • Windows 7/8/10/Server 2008 or later
                          • A processor with SSE2 instruction support
                          • 256 MB of free RAM (512 MB or more recommended)
                          • At least 150 MB of free (uncompressed) disk space
                          Pale Moon includes both 32- and 64-bit versions for Windows:

                          Update

                          To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.






                          Thursday, June 07, 2018

                          Adobe Flash Player Critical Security Update

                          Adobe Flashplayer

Adobe has released Version 30.0.0.113 of Adobe Flash Player.  The update addresses critical vulnerabilities that could lead to remote code execution, affecting version 29.0.0.171 and earlier.

                          Release date:  June 7, 2018
                          Vulnerability identifier: APSB18-19
                          Platform:  Windows, Macintosh, Linux and Chrome OS
                           

                          Vulnerability details


| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Type Confusion | Arbitrary Code Execution | Critical | CVE-2018-4945 |
| Integer Overflow | Information Disclosure | Important | CVE-2018-5000 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-5001 |
| Stack-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2018-5002 |

Note that an exploit for CVE-2018-5002 exists in the wild and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.

                          Note:  Microsoft has issued an out-of-band update for the critical Adobe Flash Player vulnerabilities:  Security update for Adobe Flash Player: June 7, 2018

                          Update:

                          *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                            Verify Installation

                            To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                            Do this for each browser installed on your computer.

                            To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










                            Wednesday, June 06, 2018

Mozilla Firefox Version 60.0.2 Released


Firefox
Mozilla sent Firefox Version 60.0.2 to the release channel today.  The update includes developer and MacOS fixes.

It wasn't listed in the Release Notes when I originally posted but, come to find out, not only was Firefox ESR updated, but both ESR and Version 60.0.2 included two security fixes, one rated critical and one rated high.  Firefox ESR is now Version 52.8.1.

                            Fixed
                            • Fix missing nodes in the developer tools Inspector panel (bug 1460223)
                            • Fix font rendering when using third-party font managers on OS X 10.11 and earlier (bug 1460917)


                            Changed
                            • Updated to NSS 3.36.4 from 3.36.1:
                              • Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error (bug 1462303)
                              • Fix crash on macOS related to authentication tokens, e.g. PK11 or WebAuthn (bug 1461731)
                              See release notes for NSS 3.36.2 and 3.36.4

                              Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                              Sunday, May 27, 2018

                              Remembering Those Who Gave Their All

                              Vietnam Memorial Wall
                              April 30, 2005
                              Photograph by Luigi Masu

                              In honor of those who gave their all in the service of their country. 


                              Memorial Day History



                              Friday, May 25, 2018

                              More GDPR





                              If you are like me, you have likely seen more notices about privacy policy updates during recent days and weeks than the entire time you have been on the Internet.  Although, I must admit that I particularly enjoyed the "First message from deep space", that I saw on Twitter via Marcin Kleczynski.









Even after all the privacy policy notices I have seen, I was surprised when opening my blog account this morning to find the information below that Google placed in my account:



                              Following the "Learn more" link which redirects to Cookies notification in European Union countries - Blogger Help, I discovered that visitors to Security Garden from the EU should be seeing the following notice:

                              Google Added Cookie Notice

                               "LEARN MORE" from the notice leads to How Google uses cookies – Privacy & Terms – Google.

Since I have confirmed that the notice works and displays, do not use AdSense and am not aware of any functionality from other providers, I gather that GDPR requirements have been fulfilled with respect to this blog.  However, that may not be the case with Google as indicated in Google and Facebook accused of breaking GDPR laws - BBC News and Facebook and Google hit with $8.8 billion in GDPR lawsuits - The Verge.


