Thursday, February 28, 2019

Mozilla Firefox Version 65.0.2 Released


Mozilla sent Firefox Version 65.0.2 to the release channel today to fix one issue. Firefox ESR has been updated to Version 60.5.2.

Fixed

    • Fixed an issue with geolocation services affecting Windows users

      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.



      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Tuesday, February 26, 2019

      Adobe Shockwave Player EoL (End of Life)


      Thursday, February 21, 2019

      Adobe Acrobat DC and Reader DC Critical Security Update Released


      Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019. Successful exploitation could lead to sensitive information disclosure in the context of the current user.    

      Release date:  February 21, 2019
      Vulnerability identifier: APSB19-13
      Platform: Windows and MacOS

      Update or Complete Download

      Reader DC and Acrobat DC were updated to version 2019.010.20098. Update checks can be manually activated by choosing Help > Check for Updates.
      Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.





      Tuesday, February 19, 2019

      Pale Moon Version 28.4.0 Released with Security Updates


      Pale Moon has been updated to version 28.4.0.  This is a major development, stability and security release. The Linux versions will follow later today.

      A fix identified as "DiD" ("Defense-in-Depth") means that it is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered. 

      From the Release Notes:


      Security fixes:
      • Fixed a potential use-after-free in IndexedDB code. (DiD)
      • Improved proxy handling to avoid localhost getting proxied. (CVE-2018-18506)
      • Ported upstream Skia fixes. (CVE-2018-18356, CVE-2018-18335)
      • Fixed an additional Skia issue. (CVE-2019-5785)
      • Fixed several potentially-exploitable memory safety hazards and crashes. (DiD)
      • Fixed a possible data race when performing compacting GC.
      Changes/fixes:
      • Removed more telemetry code from the platform.
      • Fixed implementation of the IntersectionObserver API to avoid crashes, and enabled it by default.
      • Switched to the new ffmpeg decode API to avoid dropping of frames.
      • Fixed a buffering issue in the WebP decoder that caused intermittent browser crashes.
      • Improved resource-efficiency for internal stopwatch timers.
      • Improved handling of incorrectly-encoded CTTS in media files, resolving some playback issues of videos.
      • Improved the Cycle Collector and Garbage Collector.
      • Improved fullscreen navigation bar handling in the situation it has focus when switching to full screen.
      • Aligned instanceof with the final ES6 spec.
      • Improved Windows DIB (bitmap) clipboard data handling.
      • Exposed TLS 1.3 cipher suite prefs in about:config in case people want to disable them individually.
      • Allowed empty string on the location.search setter to clear URL query parameters from JS.
      • Added a potential fix for external links not opening in the current window/tab (untested).
      • Enabled C++11 thread-safe statics in the entire application.
      • Updated several preferences for integration with the new add-ons site.

      Update

      To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.







      Tuesday, February 12, 2019

      Mozilla Firefox Version 65.0.1 Released With Security Updates


      Mozilla sent Firefox Version 65.0.1 to the release channel today. Firefox ESR has been updated to Version 60.5.1.
      The update included three (3) security updates rated high.

      High

      Fixed

      • Fixed accidental requests to addons.mozilla.org when an addon recommendation doorhanger is shown (bug 1526387)
      • Improved playback of interactive Netflix videos (bug 1524500)
      • Fixed color management not working on macOS (bug 1506495)
      • Fixed incorrect sizing of the "Clear Recent History" window in some situations (bug 1523696)
      • Fixed audio & video delays while making WebRTC calls (bug 1521577 & bug 1523817)
      • Fixed video sizing problems during some WebRTC calls (bug 1520200)
      • Fixed looping CONNECT requests when using WebSockets over HTTP/2 from behind a proxy server (bug 1523427)
      • Fixed the "Enter" key not working on password entry fields for certain Linux distributions (bug 1523635)
      Developer
      • Made support for viewport tags in Responsive Design Mode, initially enabled in Firefox 64, pref-controlled and off by default (bug 1521814). To restore the previous behavior, change the devtools.responsive.metaViewport.enabled pref to true.

      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


      Microsoft February Security Updates Released



      The February security updates have been released and consist of 77 CVEs and three security advisories, of which 20 are rated Critical, 54 are rated Important, and three are rated Moderate in severity. Four are listed as publicly known and one is listed as being under active attack at the time of release.

      In addition to defense-in-depth updates, the updates address Remote Code Execution, Security Feature Bypass, Information Disclosure, Elevation of Privilege, and Spoofing vulnerabilities and apply to the following: Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, Microsoft Exchange Server, Microsoft Visual Studio, Azure IoT SDK, Microsoft Dynamics, Team Foundation Server, and Visual Studio Code.

      Important: A Servicing Stack Update has been released for the following operating systems: Windows 10 Version 1607, Windows Server 2016, and Windows Server 2016 (Server Core installation); Windows 10 Version 1703; Windows 10 Version 1709 and Windows Server, version 1709 (Server Core Installation); Windows 10 Version 1803, and Windows Server, version 1803 (Server Core Installation). See the "Additional Update Notes" below for more information.

      Recommended Reading: 

      Note: See Dustin Childs' review and analysis in Zero Day Initiative — The February 2019 Security Update Review.

      More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

      Additional Update Notes:

      • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
      • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. Note: Users who are paranoid about the remote possibility of a false positive (FP) can opt to run this tool from a Command Prompt, appending the /N parameter (for "detect only" mode).
      • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. 
      • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
      • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
      • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.






      Adobe Flash Player Security Update Released



      Adobe has released Version 32.0.0.142 of Adobe Flash Player and AIR for Windows, macOS, Linux and Chrome OS. Successful exploitation could lead to information disclosure in the context of the current user.  

      Release date:  February 12, 2019
      Vulnerability identifier: APSB19-06
      Platform:  Windows, Macintosh, Linux and Chrome OS

      Fixed Issues

      • Flash Player:  Assorted security (CVE-2019-7090, Information Disclosure) and functional fixes.

      Update:

      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










        Adobe Acrobat DC and Reader DC Security Updates Released


        Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS to address critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. The update addresses forty-six (46) CVEs!

        Release date:  February 12, 2019
        Vulnerability identifier: APSB19-07
        Platform: Windows and MacOS

        Update or Complete Download

        Reader DC and Acrobat DC were updated to version 2019.010.20091. Update checks can be manually activated by choosing Help > Check for Updates.
        Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

