Wednesday, March 25, 2020

Pale Moon Version 28.9.0.2


Pale Moon
Pale Moon version 28.9.0.2 has been released.   From the announcement at Pale Moon updated to 28.9.0.2 - Pale Moon forum:

"This is a small but critical update to the browser to address various run-time operation issues due to a bug in the browser's start-up code.

If you are currently having issues with the browser handling form history, session restore, or compatibility with various websites, please update."
From the Release Notes

This is a small bugfix update addressing 2 more important issues in 28.9.0:
  • Fixed an issue with browser migration and initialization code causing various browser run-time problems.
  • Fixed an issue with cache behavior where some users would have trouble having their windows and tabs restored in "soft refresh" mode (see v28.9.0 release notes). To solve this, we reverted to the previous (pull from cache) mode for now while we investigate the cause.

Linux versions for this update will follow very shortly!


UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.


Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, March 24, 2020

Pale Moon Version 28.9.0.1 Released


Pale Moon
Pale Moon version 28.9.0.1 has been released.  This is a small but critical update to address user-agent overrides (used for a number of major websites) not working as they should.

Linux versions for this update will follow very shortly!



UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.


Release Notes:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Microsoft Cumulative Update for Windows 10 Versions 1909 and 1903



Microsoft released cumulative update KB 4541335 with non-security improvements and fixes for Windows 10 Versions 1909 and 1903 today.  From the KB Article:
 "Windows 10, versions 1903 and 1909 share a common core operating system and an identical set of system files. As a result, the new features in Windows 10, version 1909 were included in the recent monthly quality update for Windows 10, version 1903 (released October 8, 2019), but are currently in a dormant state. These new features will remain dormant until they are turned on using an enablement package, which is a small, quick-to-install “master switch” that simply activates the Windows 10, version 1909 features.
To reflect this change, the release notes for Windows 10, version 1903 and Windows 10, version 1909 will share an update history page. Each release page will contain a list of addressed issues for both 1903 and 1909 versions. Note that the 1909 version will always contain the fixes for 1903; however, 1903 will not contain the fixes for 1909. This page will provide you with the build numbers for both 1909 and 1903 versions so that it will be easier for support to assist you if you encounter issues.
For more details about the enablement package and how to get the feature update, see the Windows 10, version 1909 delivery options blog."
In addition, Microsoft made the change below and documented in the Windows message center:
"Timing for upcoming Windows optional C and D releases
We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

There is no change to the monthly security updates (B release – Update Tuesday); these will continue as planned to ensure business continuity and to keep our customers protected and productive."
 The update includes non-security quality improvements and there are currently no known issues with the update. The highlights listed are as follows:
  • Updates an issue that causes an error when printing to a document share. 
  • Updates a performance issue in applications that occurs when content that is protected by digital rights management (DRM) plays or is paused in the background. 
  • Updates an issue that prevents the mute button from working on certain devices with the Microsoft Your Phone app. 
  • Updates an issue that prevents applications from closing. 
  • Updates an issue that causes calendar dates to appear on the wrong day of the week in the clock and date region of the notification area when you select the Samoa time zone. 
  • Updates an issue that causes applications to close unexpectedly when a user enters East Asian characters after changing the keyboard layout. 
To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates.  The standalone package for this update is available in the Microsoft Update Catalog.  In addition, with Windows Update, the latest SSU (KB4541338) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Windows 10 update history

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 28.9.0 Released With Security-Related Fixes


Pale Moon
Pale Moon version 28.9.0 has been released.  The update is a major development update with new features, changes/fixes as well as security-related fixes.

The update includes DiD ("Defense-in-Depth") updates.  A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

From the Release Notes:

New features:
  • Implemented asynchronous iterators (await iterator.next() and for await loops) (ES2018)
  • Implemented promise-based media playback.
  • Implemented non-standard legacy CSSStyleSheet rules functions.
  • Implemented the html5 element. To switch this on, flip dom.dialog_element.enabled to true.
  • Implemented the optional hiding of pinned tabs in CtrlTab/AllTab panes. (controlled through the preferences browser.ctrlTab.hidePinnedTabs and browser.allTabs.hidePinnedTabs)
  • Added 1.25x playback speed to html media elements.
  • Added a hidden pref (browser.places.smartBookmarks.max) to control the sizes of default smart bookmarks categories.
Changes/fixes:
  • Aligned document.open() with the overhauled specification.
  • Aligned the way DOM styles are computed with mainstream browser behavior.
  • Removed the (unused) DOM promise implementation.
  • Enabled seeking to next frame in media files.
  • Enabled dynamic UA updates for emergency use.
  • Implemented rule processing stub for font-variation-settings.
  • Increased the maximum XML nesting depth to 2048 levels for extreme corner cases and to conservatively align with other browsers.
  • Improved the privacy of geolocation lookup calls, with thanks to a generous service donation from ip-api.com
  • Improved reporting of the operating system in site-specific user-agent overrides.
  • Improved table drawing performance again after the rewrite for sticky positioning making it slower.
  • Updated CSP processing to allow custom scheme wildcards to be specified without a port.
  • Aligned the behavior of outlines with other browsers when dealing with CSS-repositioned elements.
  • Changed the way hardware acceleration is controlled from the application.
  • Changed the default monospace font for main languages from Courier New to Consolas.
    This provides a more balanced font for fixed-width text that is slightly more condensed and more in line with the naturally compacter variable-width fonts used everywhere else.
  • Changed the browser's behavior when restoring tabs from previous sessions. To prevent stale pages, it will now by default perform a "soft refresh" of the page instead of drawing it purely from cache without checking if the page needs updating. If you prefer the old behavior, set browser.sessionstore.cache_behavior to 0 in about:config.
  • Updated NSPR to 4.24 and NSS to ~3.48.1-RTM, removing the previous custom patch level with NSS being able to support custom rounds for DBM now.
    For extensive release notes with all NSS changes, see NSS_Releases
  • Implemented an NSS performance optimization for Master Password use with limited effect.
  • Fixed some potential crashing scenarios with WebGL on Linux.
  • Completely removed showModalDialog.
  • Disabled some logging in production builds.
  • Removed various gadgeteering/redundant/dead DOM APIs (casting/presentation, FlyWeb)
  • Removed support for a number of critical libraries being system-supplied.
  • Removed "Copy raw data" button from the troubleshooting information page, since it's never used by us in that format, and users mistakenly keep using it instead of copying text.
  • Removed a bunch of Android and iOS support code.
  • Fixed an issue with form elements sometimes being incorrectly disabled.
  • Fixed several crashes.
  • Fixed an issue with Captive Portal detection sometimes firing even when disabled by the user.
  • Performed various tree-wide code cleanups.
  • Backed out a large code cleanup patch for causing subtle issues in website operation (e.g. WordPress). This will have to be revisited later; the reintroduced code is not in use in practice.
  • Cleaned up the application updater code.
Security-related fixes:
  • Fixed a potential pointer issue issue in cubeb. DiD
  • Disabled allowing remote jar: URIs by default for security reasons. If you need this functionality for your non-standard environment, you can enable it with the preference network.jar.block-remote-files, but please consider moving away from this method of providing web-based applications.
  • Removed a potentially dangerous and otherwise ineffective optimization from the JavaScript engine.
  • Fixed unwanted behavior where created/focused pop-up windows could potentially cover the DOM fullscreen notification, hiding it from users. (CVE-2020-6810)
  • Fixed an issue where copying data as a curl request from developer tools would not properly escape parameters. (CVE-2020-6811)
  • Updated our sctp library code with several upstream fixes.
  • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 3 already mitigated, 1 rejected, 11 not applicable.

UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Tuesday, March 17, 2020

Adobe Acrobat DC and Reader DC Security Updates Released

Adobe
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Release date:  March 17, 2020
Vulnerability identifier: APSB20-13
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 20.006.20042.

 Update checks can be manually activated by choosing Help/Check for Updates. 
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References





Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Thursday, March 12, 2020

KB4551762 Released for WIndows 10 Versions 1903 and 1909 to Address CVE-2020-0796



Microsoft released KB4551762 to Address CVE-2020-0796.  From CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability:
"A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.

The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests."

KB 4551762:  This update is for Windows 10 Versions 1903 and 1909.

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, March 11, 2020

Adobe Flash Player Update Released


Adobe Flashplayer

Adobe released Version 32.0.0.344 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The update has important bug fixes.

Release date:  March 11, 2020
Vulnerability identifier:  None
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Tuesday, March 10, 2020

    Microsoft March 2020 Security Updates



    The Microsoft March security updates have been released and consist of 115 CVEs. Of these 26 CVEs, rated Critical, 88 Important, and 1 rated Important in severity. None of the bugs being patched are listed as being publicly known or under active attack at the time of release.

    The updates apply to the following:  Microsoft Windows, Microsoft Edge(EdgeHTML-based), Microsoft Edge (Chromium-based), ChakraCore, Internet Explorer, Microsoft Exchange Server, Microsoft Office and Microsoft Office Services and Web Apps, Azure DevOps, Windows Defender, Visual Studio, Open Source Software, Azure, and Microsoft Dynamics.

    As of the time of this posting, Adobe has not released updates for Flash Player.

    The KBs listed below contain information about known issues with the security updates.

    Known Issues

    4538032 Visual Studio
    4538461 Windows 10 Version 1809, Windows Server 2019
    4540123 Microsoft Exchange Server
    4540670 Windows 10, version 1607, Windows Server 2016
    4540671 Internet Explorer
    4540673 Windows 10, version 1809, Windows Server version 1809, Windows 10, version 1809, Windows Server version 1809
    4540688 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
    4540694 Windows Server 2012 (Security-only update)
    4541500 Windows 7, Windows Server 2008 R2 (Security-only update)
    4541504 Windows Server 2008 (Security-only update)
    4541505 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4541506 Windows Server 2008 Service Pack 2 (Monthly Rollup)
    4541509 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4541510 Windows Server 2012 (Monthly Rollup)

    Recommended Reading:  

    See Dustin Childs review and analysis in Zero Day Initiative — The March 2020 Security Update Review.

    For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

    Additional Update Notes:

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
    • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • Windows Update History:

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...





    Mozilla Firefox Version 74.0 Released With Security Updates

    Firefox

    Mozilla sent Firefox Version 74.0 to the release channel today.  The update included twelve (12) security updates of which five (5) are high, six (6) are moderate and one (1) are rated low.

    Also released was Firefox ESR Version 68.6.

    High


    Moderate


    Low

    New

    • Your login management has improved with the ability to reverse alpha sort (Name Z-A) in Lockwise, which you can access under Logins and Passwords.
    • Firefox now makes importing your bookmarks and history from the new Microsoft Edge browser on Windows and Mac simple.
    • Add-ons installed by external applications can now be removed using the Add-ons Manager (about:addons). Going forward, only users can install add-ons; they cannot be installed by an application.
    • Facebook Container prevents Facebook from tracking you around the web - Facebook logins, likes, and comments are automatically blocked on non-Facebook sites. But when we need an exception, you can now create one by adding custom sites to the Facebook Container.
    • Firefox now provides better privacy for your web voice and video calls through support for mDNS ICE by cloaking your computer’s IP address with a random ID in certain WebRTC scenarios.

    Fixed

    • We have fixed issues involving pinned tabs such as being lost. You should also no longer see them reorder themselves.

    Changed

    • When a video is uploaded with a batch of photos on Instagram, the Picture-in-Picture toggle would sit atop of the “next” button. The toggle is now moved allowing you to flip through to the next image of the batch.
    • On Windows, Ctrl+I can now be used to open the Page Info window instead of opening the Bookmarks sidebar. Ctrl+B still opens the Bookmarks sidebar making keyboard shortcuts more useful for our users.
    • We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.
    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Sunday, March 01, 2020

    Pale Moon Version 28.8.4 Released with Security Update


    Pale Moon
    Pale Moon has been updated to version 28.8.4The update is a small web compatibility and security update.  Linux versions will follow shortly.

    The update includes a DiD ("Defense-in-Depth") update.  A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

    From the Release Notes:

    Changes/fixes:
    • Implemented optional catch binding (ES2019).
    • Fixed a hazardous crash related to module scripting.

    UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    Tuesday, February 18, 2020

    Firefox Version 73.0.1 Released

    Firefox

    Mozilla sent Firefox Version 73.0.1 to the release channel today with a number of fixes.  Firefox ESR Version remains at Version 68.5.

    Fixed

    • Fixed crashes on Windows systems running third-party security software such as 0patch or G DATA (bug 1610790)
    • Fixed loss of browser functionality in certain circumstances such as running in Windows compatibility mode or having custom anti-exploit settings (bug 1614885)
    • Resolved problems connecting to the RBC Royal Bank website (bug 1613943)
    • Fixed Firefox unexpectedly exiting when leaving Print Preview mode (bug 1611133)
    • Fixed crashes when playing encrypted content on some Linux systems (bug 1614535)

    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Pale Moon Version 28.8.3 Released with Security Updates


    Pale Moon
    Pale Moon has been updated to version 28.8.3 as a bugfix and security update. 

    The update includes two DiD ("Defense-in-Depth") updates.  A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

    From the Release Notes:


    Changes/fixes:
    • Fixed an issue in CSP blocking requests without a port for custom schemes.
    • Fixed a potentially hazardous crash in layers.
    • Fixed random crashes on some sites using IndexedDB.
    • Changed the way the application can be invoked from the command-line to prevent a whole class of potential exploits involving modified omnijars.
      If your special-needs environment requires that you launch the browser with custom browser/gre omnijars from the command-line, you must set the UXP_CUSTOM_OMNI environment variable before launch from this point forward.
    • Fixed an issue in the html parser after using HTML5 template tags, allowing JavaScript parsing and execution when it should not be allowed, risking XSS vulnerabilities on sites relying on correct operation of the browser. (CVE-2020-6798)
    • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 2 DiD, 10 not applicable.

    UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    Tuesday, February 11, 2020

    Microsoft February 2020 Security Updates



    The Microsoft February security updates have been released and consist of 99 CVEs. Of these 12 CVEs, rated Critical and 83 are rated Important in severity. According to Microsoft, five of these bugs are publicly known and one is currently under active attack.

    The updates apply to the following:  Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Edge Chromium-based), ChakraCore, Internet Explorer, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Office and Microsoft Office Services and Web Apps, Windows Malicious Software Removal Tool, and Windows Surface Hub.

    The following KBs contain information about known issues with the security updates.

    Known Issues

    KB Article Applies To
    4532691 Windows 10 Version 1809, Windows Server 2019
    4536987 Microsoft Exchange Server 2016 & 2019
    4536988 Microsoft Exchange Server 2013
    4536989 Microsoft Exchange Server 2010
    4537762 Windows 10, version 1803, Windows Server version 1803
    4537764 Windows 10, version 1607, Windows Server 2016
    4537776 Windows 10
    4537789 Windows 10, version 1709
    4537794 Windows Server 2012 (Security-only update)
    4537803 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4537813 Windows 7, Windows Server 2008 R2 (Security-only update)
    4537814 Windows Server 2012 (Monthly Rollup)
    4537821 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

    Recommended Reading:  

    See Dustin Childs review and analysis in Zero Day Initiative — The February 2020 Security Update Review.

    For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

    Additional Update Notes:

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
    • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • Windows Update History:

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...





    Adobe Acrobat DC and Reader DC Security Updates Released

    Adobe
    Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

    Release date:  February 11, 2019
    Vulnerability identifier: APSB20-05
    Platform: Windows and MacOS

    Update or Complete Download

    Reader DC and Acrobat DC were updated to version 20.006.20034.

     Update checks can be manually activated by choosing Help/Check for Updates. 
    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    References





    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...



    Adobe Flash Player Critical Security Update Released


    Adobe Flashplayer

    Adobe released Version 32.0.0.330 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The updates address a critical vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.

    Release date:  February 11, 2020
    Vulnerability identifier:  APSB20-06
    Platform:  Windows, Macintosh, Linux and Chrome OS

    Update:

    *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

      Verify Installation

      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

      Do this for each browser installed on your computer.

      To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

      References



      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...









      Mozilla Firefox Version 73.0 Released With Security Updates

      Firefox

      Mozilla sent Firefox Version 73.0 to the release channel today.  The update included seven (7) security updates of which four (4) are high and three (3) rated moderate.

      Also released was Firefox ESR Version 68.5.

      High

      Moderate

      New

      • Today’s Firefox release includes two features that help users view and read website content more easily, quickly. Like all accessibility improvements, these features improve browsing for everyone.
        • Firefox has offered a page zoom feature for more than a decade that allows users to set the zoom level on a per-site basis. For users who need to zoom most websites, having to adjust zoom for each new site can be an annoyance. To address this, we have implemented a new global default zoom level setting. This option is available in about:preferences under "Language and Appearance" and can be scaled up or down from 100% as needed and sets the default zoom level for all sites. Per-site zoom is still available to make adjustments to individual sites as needed.
        • Many users with low vision rely on Windows' High Contrast Mode to make websites more readable. Traditionally, to increase the readability of text, Firefox has disabled background images when High Contrast Mode is enabled. With today’s release of Firefox 73, we introduce a “readability backplate” solution which places a block of background color between the text and background image. Now, websites in High Contrast Mode are more readable without disabling background images.

      Fixed

      • Improved audio quality when playing back audio at a faster or slower speed.
      • Firefox will now only prompt you to save logins if a field in a login form was modified.

      Changed

      • WebRender will roll out to laptops with Nvidia graphics cards with drivers newer than 432.00, and screen sizes smaller than 1920x1200.
      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

      References


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Tuesday, February 04, 2020

      Pale Moon Version 28.8.2.1 Released


      Pale Moon
      Pale Moon has been updated to version 28.8.2.1.  This is a minor release in response to YouTube deprecating their old web UI. This change will enable the new YouTube UI by default.

      From the Release Notes:
      "This is a minor release in response to YouTube deprecating their old web UI. This change will enable the new YouTube UI by default."
      UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...



      Tuesday, January 28, 2020

      Pale Moon Version 28.8.2 Released


      Pale Moon
      Pale Moon has been updated to version 28.8.2 as a small bugfix and compatibility update.

      From the Release Notes:


      Changes/fixes:
      • Reverted the addition of JavaScript regular expression lookarounds since the implementation caused crashes. We'll have to revisit this later.
      • Fixed an issue where FTP servers would hang the browser if they were not sending answers according to the protocol specification.
      • Added a workaround for GitHub trying to enforce more Google-isms (which we don't support at this time) to browsers that identify as "Firefox-alike".

      UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...



      Tuesday, January 21, 2020

      Adobe Flash Player Update


      Adobe Flashplayer

      Adobe released Version 32.0.0.321 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS to provide a minor update to refresh a content security certificate used in Adobe's DRM system.

      Release date:  January 21, 2020
      Vulnerability identifier: None
      Platform:  Windows, Macintosh, Linux and Chrome OS

      Update:

      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

        Verify Installation

        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

        Do this for each browser installed on your computer.

        To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

        References



        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...









        Monday, January 20, 2020

        Mozilla Firefox Version 72.0.2 Released

        Firefox

        Mozilla sent Firefox Version 72.0.2 to the release channel today.  The update fixes various issues as well as including stability fixes.

        Also released was Firefox ESR Version 68.4.2

        Fixes
        • Various stability fixes
        • Fixed issues opening files with spaces in their path (bug 1601905)
        • Fixed a hang opening about:logins when a master password is set (bug 1606992)
        • Fixed a web compatibility issue with CSS Shadow Parts which shipped in Firefox 72 (bug 1604989)
        • Fixed inconsistent playback performance for fullscreen 1080p videos on some systems (bug 1608485)
        Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

        References


        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...

        Friday, January 17, 2020

        Microsoft Security Advisory for Remote Code Execution Vulnerability in IE

        Security Advisory

        Microsoft released Security Advisory ADV200001 for a remote code execution vulnerability with limited active attacks in Internet Explorer.  The issue is described as the way that the scripting engine handles objects in memory in Internet Explorer. As described in the advisory:
        "The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
        In the event you use Internet Explorer, it is strongly advised that you follow the instructions at the bottom of the Advisory to restrict access to JScript.dll as a workaround.

        References


        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...