Tuesday, January 28, 2020

Pale Moon Version 28.8.2 Released


Pale Moon has been updated to version 28.8.2 as a small bugfix and compatibility update.

From the Release Notes:


Changes/fixes:
  • Reverted the addition of JavaScript regular expression lookarounds since the implementation caused crashes. We'll have to revisit this later.
  • Fixed an issue where FTP servers would hang the browser if they were not sending answers according to the protocol specification.
  • Added a workaround for GitHub trying to enforce more Google-isms (which we don't support at this time) to browsers that identify as "Firefox-alike".

Update:  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and Check for Updates.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Tuesday, January 21, 2020

Adobe Flash Player Update



Adobe released Version 32.0.0.321 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS to provide a minor update to refresh a content security certificate used in Adobe's DRM system.

Release date:  January 21, 2020
Vulnerability identifier: None
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.










    Monday, January 20, 2020

    Mozilla Firefox Version 72.0.2 Released


    Mozilla sent Firefox Version 72.0.2 to the release channel today.  The update fixes various issues as well as including stability fixes.

    Also released was Firefox ESR Version 68.4.2

    Fixes
    • Various stability fixes
    • Fixed issues opening files with spaces in their path (bug 1601905)
    • Fixed a hang opening about:logins when a master password is set (bug 1606992)
    • Fixed a web compatibility issue with CSS Shadow Parts which shipped in Firefox 72 (bug 1604989)
    • Fixed inconsistent playback performance for fullscreen 1080p videos on some systems (bug 1608485)
    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


    Friday, January 17, 2020

    Microsoft Security Advisory for Remote Code Execution Vulnerability in IE

    Security Advisory

    Microsoft released Security Advisory ADV200001 for a remote code execution vulnerability with limited active attacks in Internet Explorer.  The issue is described as the way that the scripting engine handles objects in memory in Internet Explorer. As described in the advisory:
    "The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
    In the event you use Internet Explorer, it is strongly advised that you follow the instructions at the bottom of the Advisory to restrict access to JScript.dll as a workaround.






    Wednesday, January 15, 2020

    Chromium-Based Microsoft Edge Released


    As announced previously, the long-awaited new Microsoft Edge Chromium-based browser has been released.  For consumers, it will be installed in a future update to Windows 10 following a measured roll-out via Windows Update over the next several months. The Windows Update schedule for Windows 10 versions is available at Windows updates for Microsoft Edge | Microsoft Docs.

    Having daily used the development version of Microsoft Edge since it was initially made available, the Chromium-based version has proved to be a definite improvement.  Learn about the new features by following the "Learn More" links at Microsoft Edge Browser Features.   

    If you don't want to wait for Windows Update, you can download the new Edge browser today.  It is available for Windows 10, Windows 8.1, Windows 8, Windows 7, macOS, iOS and Android from the download page at Download New Microsoft Edge Browser | Microsoft. Click the arrow to select the version for your device.



    Tuesday, January 14, 2020

    Oracle Java SE JRE Security Updates


    Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  This Critical Patch Update contains 12 new security patches for Oracle Java SE.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

    Update

    If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

    Download Information

    Java SE Runtime Environment Version 8u241:  https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

    Notes:

    • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
    • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
    • Verify your version at http://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  If it does not, open a cmd window and enter the following to check the version (note the space following java):  java -version

    Critical Patch Updates

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
    • 14 April 2020
    • 14 July 2020
    • 20 October 2020 
    • 19 January 2021

    Unwanted "Extras"

    Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

    Do the following to suppress the sponsor offers:
    1. Launch the Windows Start menu
    2. Click on Programs
    3. Find the Java program listing
    4. Click Configure Java to launch the Java Control Panel
    5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
    6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

    Java Security Recommendations

    1)  In the Java Control Panel, at minimum, set the security to high.
    2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
    3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml





    Microsoft January 2020 Security Updates



    The Microsoft January security updates have been released and consist of 49 CVEs. Of these 8 CVEs, 7 are rated Critical and 41 are rated Important in severity. None of the patches released this month are listed as publicly known, but one is listed as being actively exploited at the time of release.

    The updates apply to the following:  Microsoft Windows, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, ASP.NET Core, .NET Core, .NET Framework, OneDrive for Android, and Microsoft Dynamics.

    Reminder:  After today (14 January 2020) Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer getting security updates.

    Known Issues:  The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200114. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

    KB Article Applies To
    4534271 Windows 10, version 1607, Windows Server 2016
    4534273 Windows 10, version 1809, Windows Server version 1809
    4534276 Windows 10, version 1709
    4534283 Windows Server 2012 (Monthly Rollup)
    4534288 Windows Server 2012 (Security-only update)
    4534293 Windows 10, version 1803, Windows Server version 1803
    4534297 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4534306 Windows 10
    4534309 Windows 8.1, Windows Server 2012 R2 (Security-only update)

    Recommended Reading:  

    See Dustin Childs' review and analysis in Zero Day Initiative — The January 2020 Security Update Review.

    For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

    Additional Update Notes:

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
    • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSUs in Servicing Stack Updates (SSU).
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.





    Adobe Flash Update Released



    Adobe released Version 32.0.0.314 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS. Once again, the update contains assorted functional fixes.

    Release date:  January 14, 2020
    Vulnerability identifier: None
    Platform:  Windows, Macintosh, Linux and Chrome OS

    Update:

    *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

      Verify Installation

      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

      Do this for each browser installed on your computer.

      To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.










      Saturday, January 11, 2020

      Pale Moon Version 28.8.1 Updated with Security Updates


      Pale Moon has been updated to version 28.8.1.  This is an important security and stability release. In addition to fixes identified as "DiD"*, the update addresses CVE-2019-17026, which is being actively exploited.  Please update your browser to this version as soon as possible.

      *A fix identified as "DiD" ("Defense-in-Depth") means that it is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered. 

      From the Release Notes:


      Changes/fixes:
      • Fixed a sampling issue in libsoundtouch (DiD)
      • Fixed an issue with a new upcoming Windows 10 feature not honoring Private Browsing mode by default (DiD)
      • Fixed several stability and memory safety hazards. (DiD)
      • Fixed an issue where files could inadvertently be executed with the designated file type handler instead of opened. (CVE-2019-17019)
      • Fixed an issue with the JavaScript JIT compiler that could lead to exploitable crashes. (CVE-2019-17026) actively exploited
      • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 7 DiD, 12 not applicable.

      Update:  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and Check for Updates.







      Wednesday, January 08, 2020

      Mozilla Firefox Version 72.0.1 Released with Critical Security Update


      Just one day after releasing Firefox Version 72.0, Mozilla sent Firefox Version 72.0.1 to the release channel today.  The update includes one (1) critical security update.

      Also released was Firefox ESR Version 68.4.1

      Critical
      Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


      Tuesday, January 07, 2020

      Mozilla Firefox Version 72.0 Released with Security Updates


      Mozilla sent Firefox Version 72.0 to the release channel today.  The update included twelve (12) security updates of which five (5) are high, six (6) are moderate and one (1) rated low.

      Also released was Firefox ESR Version 68.4.

      High
      Moderate
      Low

      New

      • Firefox’s Enhanced Tracking Protection marks a major new milestone in our battle against cross-site tracking: we now block fingerprinting scripts by default for all users, taking a new bold step in the fight for our users’ privacy.
      • Firefox replaces annoying notification request pop-ups with a more delightful experience, by default for all users. The pop-ups no longer interrupt your browsing, in its place, a speech bubble will appear in the address bar when you interact with the site.
      • Picture-in-picture video is now also available in Firefox for Mac and Linux: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs or apps. Learn how the feature works.

        Changed

        • Support for blocking images from individual domains has been removed from Firefox, because of low usage and poor user experience.
          Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
