Wednesday, August 14, 2019

Mozilla Firefox Version 68.0.2 Released with Security Update

Firefox

Mozilla sent Firefox Version 68.0.2 to the release channel today. The update included one (1) security update, rated moderate.

As of the last check, no update is available for ESR.

Moderate

Fixed
  • Fixed a bug causing some special characters to be cut off from the end of the search terms when searching from the URL bar (bug 1560228)
  • Allow fonts to be loaded via file:// URLs when opening a page locally (bug 1565942)
  • Printing emails from the Outlook web app no longer prints only the header and footer (bug 1567105)
  • Fixed a bug causing some images not to be displayed on reload, including on Google Maps (bug 1565542)
  • Fixed an error when starting external applications configured as URI handlers (bug 1567614)
Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, August 13, 2019

Adobe Flash Player Update


Adobe Flashplayer

Adobe has released Version 32.0.0.238 of Adobe Flash Player for Windows 7 and earlier, macOS, Linux and Chrome OS. The update addresses bug fixes described in the Release Notes as "Assorted functional fixes".

Note that because this is not a security update, Microsoft has not released updates to Adobe Flash Player for Microsoft Edge and Internet Explorer on 8.1/10.  The Flash Player for those browsers remains at Version 32.0.0.207, which was the security update released in June by Adobe.

Release date:  August 13, 2019
Vulnerability identifier: None
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Microsoft August 2019 Security Updates



    The August security updates have been released and consist of 93 CVEs and 2 advisories. Of these 93 CVEs, 29 are rated Critical, and 64 are rated Important in severity. None are listed as publicly known or as under active attack at the time of release but multiple bugs this month fall into the wormable category.

    The updates address Information Disclosure, Elevation of Privilege, Remote Code Execution, Denial of Service, Security Feature Bypass, Tampering and Spoofing. They apply to the following:  Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio, Online Services, Active Directory, Microsoft Dynamics.

    Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:

    KB Article Applies To
    4511553 Windows 10, version 1809, Windows Server 2019
    4511872 Internet Explorer
    4512476 Windows Server 2008 SP2 (Monthly Rollup)
    4512482 Windows Server 2012 (Security-only update)
    4512486 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
    4512488 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4512489 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4512491 Windows Server 2008 SP2 (Security-only Update)
    4512497 Windows 10
    4512501 Windows 10, version 1803, Windows Server version 1803
    4512506 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
    4512507 Windows 10, version 1703
    4512508 Windows 10, version 1903, Windows Server version 1903
    4512516 Windows 10, version 1709
    4512517 Windows 10, version 1607, Windows Server 2016
    4512518 Windows Server 2012 (Monthly Rollup)

    Recommended Reading:  

    See Dustin Childs review and analysis in Zero Day Initiative — The August 2019 Security Update Review.

    For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

    Additional Update Notes:

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
    • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • Windows Update History:

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...





    Adobe Acrobat DC and Reader DC Security Updates Released

    Adobe
    Adobe has released important security updates for Adobe Acrobat and Reader addressing 47 CVE's for Windows and macOS. Successful exploitation could lead to information disclosure and arbitrary code execution in the context of the current user.  

    Release date:  August 13, 2019
    Vulnerability identifier: APSB19-41
    Platform: Windows and MacOS

    Update or Complete Download

    Reader DC and Acrobat DC were updated to version 2019.012.20036. 

     Update checks can be manually activated by choosing Help/Check for Updates. 
    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


    References





    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    Friday, August 02, 2019

    Servicing Stack Updates (SSU)


    https://cdn.makeuseof.com/wp-content/uploads/2012/02/Windows-Update-Logo.png

    Servicing Stack Updates (SSU) seem to cause a lot of confusion.  Users see posts mentioning a SSU update but when viewing Update History, only the latest Cumulative Update is listed.  So, what is the Servicing Stack and why are the updates important?

    What is the Servicing Stack?

    Simply stated, the Servicing Stack is what actually installs Windows Updates.  However, it also contains the "component-based servicing stack" (CBS).  The CBS is key to DISM, SFC, as well as changing Windows features or roles, and repairing components.

    Why are the SSU Updates Important?

    The Microsoft Docs article referenced below explains the importance of SSU's as follows:
    "Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes."
    As an example of a SSU update, following are the issues addressed in the July 26, 2019 Servicing Stack Update for Windows 10, 1903 x64-based Systems:
    • Addresses an issue in which an update may not install with certain other updates and upon start up after installation of the other updates, will require a second scan of Windows Update and a second restart to complete installation.
    • Addresses an issue in which reserved disk space may not be returned to free space when installation of Language Packs or Features on Demand (FODs) fails or is canceled.  The disk space is returned to free space when Storage Sense is run.
    • Addresses an issue when Windows Update Check for updates is run during the installation or uninstallation of an update, Features on Demand (FODs) or Language packs, which may cause the installation to fail and may cause a restart to take up to an hour.
    Getting the SSU:

    When there is a Servicing Stack Update released with security or cumulative updates, the updates are automatically installed with Windows Update (you won't see the SSU offered in the list of updates available).  Because each Servicing Stack Update replaces the complete "stack" they do not require a restart.

    If you are unsure whether you have the latest Servicing Stack Updates installed, the list of SSU's is at https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001.  Locate the update for your operating system.  Clicking the KB number will take you to the update, which includes the date of the last update.  You can now find the date of the last update on your device in the link to "View installed updates" located in Programs and Features of the Control Panel.

    References:
    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Friday, July 26, 2019

    Windows 10 Cumulative Updates



    Microsoft released cumulative updates with non-security improvements and fixes for Windows 10 Version 1903 today.  In addition updates were recently released for Versions 1809, 1803, 1709, 1703 and 1607. 

    In addition,  SSU (KB4512937) has been released for Windows 10 Version 1809 and will be offered to you automatically with Windows Update. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.(Service Stack Update).

    To view the improvements and features as well as known issues with accompanying work-around, see the following KB articles for your version of Windows 10:
    To download and install the update, go to Settings > Update and Security Windows Update and select Check for updates.


    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Thursday, July 25, 2019

    Pale Moon Version 28.6.1 Released with Security Updates


    Pale Moon
    Pale Moon has been updated to version 28.6.1.  This is a security and bugfix update.

    From the Release Notes:

    Changes/fixes:

    • Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
    • Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
    • Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
      A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
    • Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
      A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
    • Implemented a revised version of http2PushedStream to address some thread safety issues.
    • Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
    • Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
    • Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
    • Fixed a type confusion issue in JavaScript Arrays. (DiD)
    • Added a fix for cross-thread access of Necko. (DiD)
    • Added a port safety check for Alternative Services.
    • Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and several networking and memory-safety hazards that do not have CVE numbers.
    DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

    UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    Thursday, July 18, 2019

    Firefox Version 68.0.1 Released

    Firefox

    Mozilla sent Firefox Version 68.0.1 to the release channel today. As of the last check, no update is available for ESR.

    New

    • macOS releases are now signed by the Apple notary service, allowing Firefox to properly run on macOS 10.15 Beta releases

    Fixed

    • Fixed missing Full Screen button when watching videos in full screen mode on HBO GO (bug 1562837)
    • Fixed a bug causing incorrect messages to appear for some locales when sites try to request the use of the Storage Access API (bug 1558503)
    • Users in Russian regions may have their default search engine changed (bug 1565315)
    • Built-in search engines in some locales do not function correctly (bug 1565779)
    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Wednesday, July 17, 2019

    Oracle Java SE Critical Security Update Released

    java

    Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  This Critical Patch Update contains 10 new security fixes for Oracle Java SE.  Nine (9) of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.  The English text form of this Risk Matrix can be found here. The update also includes numerous Bug Fixes.

    Update

    If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

    Download Information

    Java SE 8u221
    Java SE 12.0.2 Development Kit (64-bit only)
    Notes:
    • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
    • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
    • Verify your versionhttp://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version

    Critical Patch Updates

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
    • 15 October 2019
    • 14 January 2020
    • 14 April 2020
    • 14 July 2020

    Unwanted "Extras"

    Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and  unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, tha does not preclude the pre-checked option for some other unnecessary add-on.

    Do the following to suppress the sponsor offers:
    1. Launch the Windows Start menu
    2. Click on Programs
    3. Find the Java program listing
    4. Click Configure Java to launch the Java Control Panel
    5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
    6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
    Java suppress sponsor offers

    Java Security Recommendations

    1)  In the Java Control Panel, at minimum, set the security to high.
    2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
    3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...




    Tuesday, July 09, 2019

    Microsoft July 2019 Security Updates



    The July security updates have been released and consist of 78 CVEs and 2 advisories. Of these 78 CVEs, 15 are rated Critical, 62 are rated Important, and one is rated Moderate in severity. Six are listed as publicly known, and two are listed as under active attack at the time of release.

    The updates address Spoofing, Elevation of Privilege, Remote Code Execution, Denial of Service,  Information Disclosure and Security Feature Bypass. They apply to the following:  Adobe Flash Player, Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio and Microsoft Exchange Server.

    Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:

    KB Article Applies To
    4493730 Servicing stack update for Windows Server 2008 SP2
    4507434 Internet Explorer 11
    4507435 Windows 10, version 1803
    4507448 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4507449 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
    4507450 Windows 10, version 1703
    4507453 Windows 10, version 1903, Windows Server version 1903
    4507455 Windows 10, version 1709
    4507457 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4507458 Windows 10
    4507460 Windows 10 1607 and Windows Server 2016
    4507462 Windows Server 2012 (Monthly Rollup)
    4507464 Windows Server 2012 (Security-only update)
    4507469 Windows 10, version 1809, Windows Server 2019

    Recommended Reading:  

    See Dustin Childs review and analysis in Zero Day Initiative — The July 2019 Security Update Review.

    For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

    Additional Update Notes:

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
    • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. 
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • Windows Update History:

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...





    Mozilla Firefox Version 68.0 Released With Security Updates


    Firefox Mozilla sent Firefox Version 68.0 to the release channel today.  The update included twenty-one (21) security updates of which two (2) are critical, four (4) are high, ten (10) moderate and five (5) are rated low.

    Correction:   Firefox ESR 60.8.0 has been released and the Extended Support Release version upgrade to 68.0 ESR is now available.

    Critical

    High

    Moderate

    Low

    New

    • Dark mode in reader view expands so that windows are also dark on the controls, sidebars and toolbars.
    • Improved extension security and discovery:
      • New reporting feature in about:addons allows you to report security and performance issues with extensions and themes.
      • Redesigned extensions dashboard in about:addons provides easy access to information about your extensions, including data and settings access required by each extension.
      • Find high quality, secure extensions via the Recommended Extensions program in about:addons, which now displays user count and ratings for each extension. "Recommended” badges for these extensions also appear on AMO. More extensions will be added over time.
    • Cryptomining and fingerprinting protections are added to strict content blocking settings in Privacy & Security preferences.
    • WebRender will roll out to Windows 10 users with AMD graphics cards.
    • Windows Background Intelligent Transfer Service (BITS) update download support, which allows Firefox update downloads to continue when Firefox is closed.

    Fixed

    • Local files can no longer access other files in the same directory.

    Changed

    • Unified existing locales (bn-BD, bn-IN) under a single Bengali (bn) localization.
    • The following unmaintained translations have been removed: Assamese (as), English - South Africa (en-ZA), Maithili (mai), Malayalam (ml), Odia (or). Existing users will be migrated to the British English (en-GB) version.
    • When an HTTPS error caused by antivirus software is detected, Firefox will attempt to automatically fix it
    • Camera and microphone access now require an HTTPS connection.
    • The way non-default preferences are synced has changed. Please see this support article for more details

    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Adobe Flash Player Update Released


    Adobe Flashplayer

    Adobe has released Version 32.0.0.223 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The update addresses bug fixes described in the Release Notes as "Assorted functional fixes". 

    Release date:  July 9, 2019
    Vulnerability identifier: None
    Platform:  Windows, Macintosh, Linux and Chrome OS

    Update:

    *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

      Verify Installation

      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

      Do this for each browser installed on your computer.

      To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

      References



      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...









      Thursday, July 04, 2019

      Out-of-Band Pale Moon Update to Version 28.6.0.1


      Pale Moon
      Pale Moon has been updated to version 28.6.0.1. This is an out-of-band update to fix some pressing issues with the latest release.  Linux versions will follow when the Linux builders have had time to make fresh builds.

      From the Release Notes:

      Changes/fixes:

      • Updated the application icon to provide better visuals on Windows classic and other grey backgrounds.
      • Reduced the Master Password hashing rounds to prevent issues with stored password retrieval while still sufficiently strengthening the encryption.
        If you have previously re-keyed the database after the update to 28.6.0, you should do so again by going through the change master password process to reduce access times.
      • Updated the WhatsApp Web site-specific user-agent override to respond to Google refusing access based on the old string.
      • Updated the branding for the portable launcher.

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...



      Tuesday, July 02, 2019

      Pale Moon Version 28.6.0 Released


      Pale Moon
      Pale Moon has been updated to version 28.6.0.  This is a major development update, focusing on under-the-hood improvements and bugfixes, code cleanup, and performance.

      From the Release Notes:

      Changes/fixes:
      • Implemented String.prototype.trimStart and String.prototype.trimEnd (ES2019)
      • Implemented Array.prototype.flat and Array.prototype.flatMap (ES2019)
      • Implemented Symbol.prototype.description (ES2019)
      • Added support for gzip-compressed SVG-in-Opentype fonts.
      • Updated official branding.
      • Updated reader view components.
      • Added a preference to control the setting of cookies through meta header information (non-standard feature) and disabled by default.
      • Updated ES6 Atomics and re-enabled them.
      • Updated internationalization code to support updated time zones and the Japanese Reiwa era.
      • Updated NSS to a custom version to have better encryption strength for master passwords.
        IMPORTANT: To use this strong encryption and re-key the password database with it, change your master password (can be changed to the same one you already had if desired, but you have to go through the change password process). Depending on your computer and the number of stored passwords, this encryption update may take some time, so please be patient. Please be aware that once re-keyed, the password store will be locked to the new encryption and will no longer be accessible with the master password in older versions of Pale Moon.
      • Restored "Release notes" in the help menu.
      • Rearchitectured the application/extension update code.
      • Added several performance improvements to DOM and the parser.
      • Improved JavaScript garbage collection of dead compartments.
      • Fixed a performance issue with painting on some pages.
      • Improved performance of some websites with complex event regions.
      • Fixed a potential performance issue in display lists on some pages.
      • Fixed a rendering bottleneck for the use of XRender when using a remote session.
      • Fixed graphical artifacts/flickering when using XRender on Intel or Intel-hybrid GPU setups.
      • Added a DiD fix for potential future issues with inlining array natives.
      • Fixed a potential UAF situation in the HTML5 parser (DiD)
      • Fixed an origin-clean bypass issue.
      • Changed the way permissions for predefined sites are loaded.
      • Reverted the 28.5.1 change to treat *.jnlp files as executables (CVE-2019-11696) after input from an Oracle representative. Java Web Start files are not executable and should not be treated any different than regular documents handled by external applications.
      • Removed SecurityUI telemetry.
      • Removed some other dead telemetry code.
      • Removed geo-specific selection of default search engines.
      • Deprecated the use of FUEL.
      • Removed the unused code for "enhanced tiles" in the new tab page.
      • Removed preference to brute-force e10s to on.
      • Removed Unboxed Array code.
      • Removed Unboxed Object code.
      • Fixed failure to print if a page contains a 0-sized canvas element.
      • Fixed an issue with tab-modal dialogs being presented in the wrong order.
      • Fixed an issue with the tab bar remaining collapsed in customize mode if normally hidden.
      • Fixed an issue with Sync when choosing to overwrite data with synced data.
      • Fixed an issue with tab previews on the taskbar.
      • Fixed an issue with IntersectionObserver viewport accuracy.
      • Fixed Scroll bar orientation on Mac OS X.
      • Fixed an issue with anchor/link targets not re-using a named target.
      • Fixed a build issue with Gnu-CC on PPC64.
      • Fixed browser.link.open_newwindow functionality.

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...



      Monday, July 01, 2019

      Windows Insider MVP! #WIMVP

      So excited and proud to receive the email announcing that I have been re-awarded Windows Insider MVP again. 

      Windows Insider MVP


      Dear Corrine:

      Congratulations! Thank you for your continued contributions to the Windows community, we are excited to re-award you as a Windows Insider MVP. This award is a token of our appreciation, your leadership and passion help make Windows the best yet. We look forward to our on-going collaboration with you and all of our Windows Insider MVPs as we continue to strengthen the Windows Insider MVP (WI MVP) Program.

      References:


      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Thursday, June 27, 2019

      Microsoft Windows 10 Cumulative Updates



      Microsoft released cumulative updates with non-security improvements and fixes for Windows 10 Version 1903 today and Versions 1703, 1709, 1803 and 1809 yesterday.  Also included in the Windows 10 Version 1903 update is KB4502584, a cumulative update for .NET Famework 3.5, 4.8.

      To view the improvements and features as well as known issues with accompanying work-around, see the following KB articles for your version of Windows 10:

      To download and install the update, go to Settings > Update and Security Windows Update and select Check for updates. If you are using Windows Update, the latest SSU (Service Stack Update) will be offered to you automatically. However, to get the standalone package for the SSU update, go to the KB article for your version of Windows 10 to obtain the link to the Microsoft Update Catalog website.


      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Thursday, June 20, 2019

      Mozlla Firefox Version 67.0.4 Released With Another Security Update

      Firefox

      Rapidly following the critical security update two days ago addressing an actively-exploited vulnerability, Mozilla sent Firefox Version 67.0.4 to the release channel today. Also released was Firefox ESR Version 60.7.2.  Both version updates comprise one security update rated high.

      High


          Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

          References


          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...

          Tuesday, June 18, 2019

          Microsoft Cummulative Update for Windows 10 Version 1809



          Microsoft has released a cumulative update with non-security improvements and fixes for Windows 10 Version 1809.  The update includes a large number of quality improvements.  There are also several "known issues" in the update, with the one most helpful to know before updating as follows:
          Symptom:
          We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.
          Workaround:
          To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.
          We are working on a resolution and will provide an update in an upcoming release.

          To view the improvements and features and review the other known issues, see the following:  4501371 (OS Build 17763.592)

          To download and install this update, go to Settings > Update and Security Windows Update and select Check for updates.
          If you are using Windows Update, the latest SSU (KB4504369) will be offered to you automatically. However, to get the standalone package for the SSU update, go to the Microsoft Update Catalog website.


          Home
          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...

          Mozilla Firefox Version 67.0.3 Released With Critical Security Update

          Firefox

          Mozilla sent Firefox Version 67.0.3 to the release channel today. Also released was Firefox ESR Version 60.7.1.  Both version updates comprise one critical security update.

          Critical


              Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

              References


              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...

              Friday, June 14, 2019

              Adobe Acrobat DC and Acrobat Reader DC Update for Windows

              Adobe

              Adobe has released an optional update for Acrobat DC and Acrobat Reader DC to version 2019.012.20035. The update is a hotfix patch for Windows only that addresses some important bug fixes.  

              From the Release Notes:
              • Forms 4276861: Acrobat Reader crashes on clicking “Enable All Features” button in Protected View mode while opening a Dynamic Form and windbg being set to default debugger.
              • Browser 4276070: Error 103.103 while opening files from the SAP application on Internet Explorer.
              • CEF Infra 4275980: Adobe Reader DC creates blob_storage folder on network location in certain cases.
              Update

              Update checks can be manually activated by choosing Help/Check for Update or download the installer from here
              Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

              References




              Home
              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...



              Tuesday, June 11, 2019

              Microsoft Security Updates for June, 2019



              The June security updates have been released and consist of 88 CVEs and 4 advisories. Of these 88 CVEs, 21 are rated Critical and 66 are rated Important and 1 Moderate in severity. Four are listed as publicly known and none are listed as under active attack at the time of release.

              The updates address Remote Code Execution, Information Disclosure, Spoofing, Elevation of Privilege, Denial of Service,  Security Feature Bypass, and Tampering.  They apply to the following:  Adobe Flash Player, Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Skype for Business and Microsoft Lync, Microsoft Exchange Server and Azure.


              Known Issues:  See the Known Issues and accompanying work-around in the KB Articles:

              KB Article Applies To
              4493730 Windows Server 2008 Service Pack 2 Servicing stack update
              4503027 Exchange Server 2019, Exchange Server 2016
              4503028 Exchange Server 2010 Service Pack 3, Exchange Server 2013
              4503263 Windows Server 2012 (Security-only update)
              4503267 Windows 10, version 1607, Windows Server 2016
              4503276 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
              4503279 Windows 10, version 1703
              4503284 Windows 10, version 1709
              4503285 Windows Server 2012 (Monthly Rollup)
              4503286 Windows 10, version 1803
              4503290 Windows 8.1 Windows Server 2012 R2 (Security-only update)
              4503291 Windows 10
              4503292 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
              4503293 Windows 10, version 1903
              4503327 Windows 10, version 1809, Windows Server 2019

              Recommended Reading:  

              See Dustin Childs review and analysis in Zero Day Initiative — The June 2019 Security Update Review.

              For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

              Additional Update Notes:

              • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
              • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
              • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. 
              • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
              • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
              • Windows Update History:

              References


              Remember - "A day without laughter is a day wasted."
              May the wind sing to you and the sun rise in your heart...