Friday, May 18, 2018

Pale Moon Version 27.9.2 Released


Pale Moon
Pale Moon has been updated to version 27.9.2.  This is a security and stability update.  From the Release Notes:

Changes/fixes:
  • We changed the language strings for softblocked items so people will cry less when we do our job.
  • (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
  • (CVE-2018-5173) Fixed an issue in the Downloads panel improperly rendering some Unicode characters, allowing for the file name to be spoofed. This could be used to obscure the file extension of potentially executable files from user view in the panel.
  • (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a buffer overflow and crash if it occurs.
  • (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia library resulting in possible out-of-bounds writes.
  • (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating attributes during SVG animations with clip paths.
  • (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable extension in order to occur.
  • Fixed several stability issues (crashes) and memory safety hazards.
       Minimum system Requirements (Windows):
      • Windows 7/8/10/Server 2008 or later
      • A processor with SSE2 instruction support
      • 256 MB of free RAM (512 MB or more recommended)
      • At least 150 MB of free (uncompressed) disk space
      Pale Moon includes both 32- and 64-bit versions for Windows:

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Wednesday, May 16, 2018

      Mozilla Firefox Version 60.0.1 Released


      FirefoxMozilla sent Firefox Version 60.0.1 to the release channel today.  The update includes a number of fixes to the recently released version 60.

      Firefox ESR remains at version 52.8.

      Fixed
      • Avoid overly long cycle collector pauses with some add-ons installed (Bug 1449033)
      • Stop displaying "Sponsored content" on the New Tab page immediately after the "Sponsored Stories" option is disabled (Bug 1458906)
      • On touchscreen devices, fixed momentum scrolling on non-zoomable pages (Bug 1457743)
      • Fixed black map on Google Maps with updated Nvidia Web Drivers on macOS (Bug 1458553)
      • Use the right default background when opening tabs or windows in high contrast mode (Bug 1458956)
      • The Firefox uninstaller on Windows is now translated again (Bug 1436662)
      • Restored translations of the Preferences panels when using a language pack (Bug 1461590)

      Changed
      • WebVR has been disabled by default on macOS (Bug 1459362)

        Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

        References




        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        Monday, May 14, 2018

        Adobe Reader DC and Acrobat DC Critical Security Updates Released

        Adobe

        Adobe has released security updates for Adobe Reader DC and Adobe Acrobat DC for Windows and Macintosh.  These updates are rated as six (6) critical and five (5) rated important, addressing Arbitrary Code Execution, Information Disclosure and Security Bypass.  Also see this KB article for more information on mitigating CVE-2018-4993.

        Release date:  May 14, 2018
        Vulnerability identifier: APSB18-09
        Platform: Windows and Macintosh

        Update or Complete Download

        Update checks can be manually activated by choosing Help > Check for Updates.  Reader DC and Acrobat DC were updated to 2018.011.20040.   
        Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


        References





        Home
        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...







        Wednesday, May 09, 2018

        Mozilla Firefox Version 60.0 Released with Security Updates


        FirefoxMozilla sent Firefox Version 60.0 to the release channel today.  The update includes twenty-six (26) security fixes of which two (2) are rated critical, six (6) high, fourteen (14) moderate, and four (4) low.

        Firefox ESR has been updated to version 52.8.

        Security Fixes

        Critical:
        High:
        Moderate:
        Low:
        New

        • Added a policy engine that allows customized Firefox deployments in enterprise environments, using Windows Group Policy or a cross-platform JSON file
        • Enhancements to New Tab / Firefox Home
          • Responsive layout that shows more content for users with wide-screen displays
          • Highlights section includes web sites saved to Pocket
          • More options to reorder sections and content on the page
          • Pocket Sponsored Stories will appear for a percentage of users in the US. Read about our privacy-conscious approach to sponsored content
        • Redesigned Cookies and Site Storage section in Preferences for greater clarity and control of first- and third-party cookies
        • Applied Quantum CSS to render browser UI
        • Added support for Web Authentication API, which allows USB tokens for website authentication
        • Enhanced camera privacy indicators: Firefox now turns off your camera and the camera's light when you disable video recording, and turns the camera and light on when you resume recording
        • Added an option for Linux users to show or hide page titles in a bar at the top of the browser. You’ll find the Title Bar option in the Customize panel available from the main browser menu.
        • Improved WebRTC audio performance and playback for Linux users
        • Locale added: Occitan (oc)
        Changed
        • Changed the Windows shortcut for entering Reader View to F9, for better compatibility with keyboard layouts that use AltGr
        • Bookmarks no longer support multiple keywords for the same URL unless the request has different POST data
        • TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted by Firefox
        • Updated the Skia graphics library to milestone 66
        Developer
        Unresolved
        • After disabling Sponsored Stories from the New Tab page settings, the next opened tab may still show a sponsored tile (bug 1458906)
        • WebVR does not work on macOS with Vive headsets (bug 1454204)

        Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

        References




        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        Tuesday, May 08, 2018

        Microsoft May, 2018 Security Updates



        The May security release consists of 68 CVEs, of which 21 are listed as Critical, 45 are rated Important, and two listed as Low in severity.  Two are listed as being under active attack, and two more are listed as publicly known at the time of release.

        The updates address Remote Code Execution, Denial of Service, Denial of Service, Information Disclosure, Elevation of Privilege, and Security Feature Bypass.  The release consists of security updates for the following software:

          • Internet Explorer
          • Microsoft Edge
          • Microsoft Windows
          • Microsoft Office and Microsoft Office Services and Web Apps
          • ChakraCore
          • Adobe Flash Player
          • .NET Framework
          • Microsoft Exchange Server
          • Windows Host Compute Service Shim


            Known Issues: 4103723, 4103727, 4103718, and 4103712.


            As usual, Dustin Childs has provided a closer look at some of the patches for this month.in this month's Zero Day Initiative — The May 2018 Security Update Review.

            More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

            Additional Update Notes

            • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
            • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
            • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

            References


            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...





            Adobe Flash Player Critical Security Update Released

            Adobe Flashplayer

            Adobe has released Version 29.0.0.171 of Adobe Flash Player.  The update address critical vulnerabilities that could lead to remote code execution affecting version 29.0.0.140 and earlier.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

            Release date:  May 8, 2018
            Vulnerability identifier: APSB18-16
            Platform:  Windows, Macintosh, Linux and Chrome OS

            Fixed Issues

            • Gradients in static SWFs shows "Movie Not Loaded" in Flash Player (FP-4198806)

            Update:

            *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

              Verify Installation

              To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

              Do this for each browser installed on your computer.

              To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

              References



              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...









              Monday, May 07, 2018

              Pale Moon Version 27.9.1 Released


              Pale Moon
              Pale Moon has been updated to version 27.9.1.  This is a maintenance release.  From the Release Notes:

              Changes/fixes:
              • Removed the unused/incomplete places protocol handler.
              • Worked around an issue with MSE media without a Track ID. This should help with the playability of some live streams.
              • Ported across jemalloc improvements from UXP.
              • Ported across cairo mutex improvements from UXP.
              • Added support for FFmpeg 4.0/libavcodec 58.
              • Added a fix for Windows 10's "isAlpha()" not being what one would expect in v1803.
                   Minimum system Requirements (Windows):
                  • Windows 7/8/10/Server 2008 or later
                  • A processor with SSE2 instruction support
                  • 256 MB of free RAM (512 MB or more recommended)
                  • At least 150 MB of free (uncompressed) disk space
                  Pale Moon includes both 32- and 64-bit versions for Windows:

                  Update

                  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                  Remember - "A day without laughter is a day wasted."
                  May the wind sing to you and the sun rise in your heart...