Monday, March 30, 2020

Windows 10 Out-of-Band Update To Address Connection Issues



Microsoft released an out-of-band update that addresses the following issue for Windows 10 Versions 1909, 1903, 1803 and 1709:
"Addresses an issue that might display a limited or no internet connection status in the notification area on devices that use a manual or auto-configured proxy, especially with a virtual private network (VPN). Additionally, this issue might prevent some devices from connecting to the internet using applications that use WinHTTP or WinINet."
Important Notes:
  • If you are not experiencing the referenced connectivity issues, it is recommended that the update not be installed.
  • The update is not available via Windows Update.  It is only available from the Microsoft Update Catalog.

Windows 10 update history

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, March 25, 2020

Pale Moon Version 28.9.0.2


Pale Moon
Pale Moon version 28.9.0.2 has been released.   From the announcement at Pale Moon updated to 28.9.0.2 - Pale Moon forum:

"This is a small but critical update to the browser to address various run-time operation issues due to a bug in the browser's start-up code.

If you are currently having issues with the browser handling form history, session restore, or compatibility with various websites, please update."
From the Release Notes

This is a small bugfix update addressing 2 more important issues in 28.9.0:
  • Fixed an issue with browser migration and initialization code causing various browser run-time problems.
  • Fixed an issue with cache behavior where some users would have trouble having their windows and tabs restored in "soft refresh" mode (see v28.9.0 release notes). To solve this, we reverted to the previous (pull from cache) mode for now while we investigate the cause.

Linux versions for this update will follow very shortly!


UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.


Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, March 24, 2020

Pale Moon Version 28.9.0.1 Released


Pale Moon
Pale Moon version 28.9.0.1 has been released.  This is a small but critical update to address user-agent overrides (used for a number of major websites) not working as they should.

Linux versions for this update will follow very shortly!



UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.


Release Notes:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Microsoft Cumulative Update for Windows 10 Versions 1909 and 1903



Microsoft released cumulative update KB 4541335 with non-security improvements and fixes for Windows 10 Versions 1909 and 1903 today.  From the KB Article:
 "Windows 10, versions 1903 and 1909 share a common core operating system and an identical set of system files. As a result, the new features in Windows 10, version 1909 were included in the recent monthly quality update for Windows 10, version 1903 (released October 8, 2019), but are currently in a dormant state. These new features will remain dormant until they are turned on using an enablement package, which is a small, quick-to-install “master switch” that simply activates the Windows 10, version 1909 features.
To reflect this change, the release notes for Windows 10, version 1903 and Windows 10, version 1909 will share an update history page. Each release page will contain a list of addressed issues for both 1903 and 1909 versions. Note that the 1909 version will always contain the fixes for 1903; however, 1903 will not contain the fixes for 1909. This page will provide you with the build numbers for both 1909 and 1903 versions so that it will be easier for support to assist you if you encounter issues.
For more details about the enablement package and how to get the feature update, see the Windows 10, version 1909 delivery options blog."
In addition, Microsoft made the change below and documented in the Windows message center:
"Timing for upcoming Windows optional C and D releases
We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

There is no change to the monthly security updates (B release – Update Tuesday); these will continue as planned to ensure business continuity and to keep our customers protected and productive."
 The update includes non-security quality improvements and there are currently no known issues with the update. The highlights listed are as follows:
  • Updates an issue that causes an error when printing to a document share. 
  • Updates a performance issue in applications that occurs when content that is protected by digital rights management (DRM) plays or is paused in the background. 
  • Updates an issue that prevents the mute button from working on certain devices with the Microsoft Your Phone app. 
  • Updates an issue that prevents applications from closing. 
  • Updates an issue that causes calendar dates to appear on the wrong day of the week in the clock and date region of the notification area when you select the Samoa time zone. 
  • Updates an issue that causes applications to close unexpectedly when a user enters East Asian characters after changing the keyboard layout. 
To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates.  The standalone package for this update is available in the Microsoft Update Catalog.  In addition, with Windows Update, the latest SSU (KB4541338) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

Windows 10 update history

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 28.9.0 Released With Security-Related Fixes


Pale Moon
Pale Moon version 28.9.0 has been released.  The update is a major development update with new features, changes/fixes as well as security-related fixes.

The update includes DiD ("Defense-in-Depth") updates.  A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

From the Release Notes:

New features:
  • Implemented asynchronous iterators (await iterator.next() and for await loops) (ES2018)
  • Implemented promise-based media playback.
  • Implemented non-standard legacy CSSStyleSheet rules functions.
  • Implemented the html5 element. To switch this on, flip dom.dialog_element.enabled to true.
  • Implemented the optional hiding of pinned tabs in CtrlTab/AllTab panes. (controlled through the preferences browser.ctrlTab.hidePinnedTabs and browser.allTabs.hidePinnedTabs)
  • Added 1.25x playback speed to html media elements.
  • Added a hidden pref (browser.places.smartBookmarks.max) to control the sizes of default smart bookmarks categories.
Changes/fixes:
  • Aligned document.open() with the overhauled specification.
  • Aligned the way DOM styles are computed with mainstream browser behavior.
  • Removed the (unused) DOM promise implementation.
  • Enabled seeking to next frame in media files.
  • Enabled dynamic UA updates for emergency use.
  • Implemented rule processing stub for font-variation-settings.
  • Increased the maximum XML nesting depth to 2048 levels for extreme corner cases and to conservatively align with other browsers.
  • Improved the privacy of geolocation lookup calls, with thanks to a generous service donation from ip-api.com
  • Improved reporting of the operating system in site-specific user-agent overrides.
  • Improved table drawing performance again after the rewrite for sticky positioning making it slower.
  • Updated CSP processing to allow custom scheme wildcards to be specified without a port.
  • Aligned the behavior of outlines with other browsers when dealing with CSS-repositioned elements.
  • Changed the way hardware acceleration is controlled from the application.
  • Changed the default monospace font for main languages from Courier New to Consolas.
    This provides a more balanced font for fixed-width text that is slightly more condensed and more in line with the naturally compacter variable-width fonts used everywhere else.
  • Changed the browser's behavior when restoring tabs from previous sessions. To prevent stale pages, it will now by default perform a "soft refresh" of the page instead of drawing it purely from cache without checking if the page needs updating. If you prefer the old behavior, set browser.sessionstore.cache_behavior to 0 in about:config.
  • Updated NSPR to 4.24 and NSS to ~3.48.1-RTM, removing the previous custom patch level with NSS being able to support custom rounds for DBM now.
    For extensive release notes with all NSS changes, see NSS_Releases
  • Implemented an NSS performance optimization for Master Password use with limited effect.
  • Fixed some potential crashing scenarios with WebGL on Linux.
  • Completely removed showModalDialog.
  • Disabled some logging in production builds.
  • Removed various gadgeteering/redundant/dead DOM APIs (casting/presentation, FlyWeb)
  • Removed support for a number of critical libraries being system-supplied.
  • Removed "Copy raw data" button from the troubleshooting information page, since it's never used by us in that format, and users mistakenly keep using it instead of copying text.
  • Removed a bunch of Android and iOS support code.
  • Fixed an issue with form elements sometimes being incorrectly disabled.
  • Fixed several crashes.
  • Fixed an issue with Captive Portal detection sometimes firing even when disabled by the user.
  • Performed various tree-wide code cleanups.
  • Backed out a large code cleanup patch for causing subtle issues in website operation (e.g. WordPress). This will have to be revisited later; the reintroduced code is not in use in practice.
  • Cleaned up the application updater code.
Security-related fixes:
  • Fixed a potential pointer issue issue in cubeb. DiD
  • Disabled allowing remote jar: URIs by default for security reasons. If you need this functionality for your non-standard environment, you can enable it with the preference network.jar.block-remote-files, but please consider moving away from this method of providing web-based applications.
  • Removed a potentially dangerous and otherwise ineffective optimization from the JavaScript engine.
  • Fixed unwanted behavior where created/focused pop-up windows could potentially cover the DOM fullscreen notification, hiding it from users. (CVE-2020-6810)
  • Fixed an issue where copying data as a curl request from developer tools would not properly escape parameters. (CVE-2020-6811)
  • Updated our sctp library code with several upstream fixes.
  • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 3 already mitigated, 1 rejected, 11 not applicable.

UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Friday, March 20, 2020

"So how did I get infected in the first place?"


Updated from the original article by Tony Klein. (See Note*)

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

"So how did I get infected in the first place?"


You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:


Safe Computing Practices

1.  Keep your Windows updated! 

It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.  Either enable Automatic Updates or get into the habit of checking for Windows updates regularly.

Operating Systems

Only Windows 8.x and Windows 10 are still officially being supported. Windows XP reached end of support April 8, 2014, Windows Vista reached end of support April 17, 2017, and Windows 7 reached end of support January 20, 2020. Windows 8.x extended support ends January 10, 2023.  

For Windows 10 Versions, see the Windows lifecycle fact sheet noting that many versions have reached the end of support.  Additionally note that "Microsoft will continue to support at least one Windows 10 Semi-Annual Channel until October 14, 2025.  

To update Windows 8.x and Windows 10 do the following:
  • Windows 8.x:  Open the Search charm, enter "Turn automatic updating on or off", and tap or click Settings to find it.
  • Windows 10:  Go to Start > Settings > Update & Security.

Updates (even some old updates for Windows XP, Windows Vista and Windows 7) can be downloaded from the Microsoft Update Catalog.  To see what updates have been released see Windows Update History:  
2.  Update 3rd Party Software Programs

The importance of updating third-party software is evidenced by the report by AV-TEST in which it is stated, "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." (Complete article at Adobe & Java Make Windows Insecure.)

Third Party software programs have long been targets for malware creators.  For those who forget to check third-party programs for missing updates, there are freeware programs available.  A favorite of many is UCheck, which includes a long list of programs it monitors. 

Of course, there are some third-party programs you may find you no longer need. Consider, for example, uninstalling Oracle Java, Adob Shockwave Player, and, of course, the no longer supported Adobe Flash player.

3.  Use a Standard/Limited User Account

Although the Administrator account is needed when setting up the computer, day-to-day usage should be with a Standard User Account which has limited permissions. An Administrator account provides the highest level of access to your computer whereas using a Standard User Account makes it more difficult for the computer to be infected.

Using a Standard User Account for everyday activities applies even if you are the sole user of the computer. For additional information, see Using a Standard/Limited User Account


4.  Watch what you download!

Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself.  Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.

Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others are among the most notorious. P2P programs allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner

Note also that even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected. Do not open any files without being certain of what they are! 

Pre-scan downloaded files for viruses and malware at one of these multi-engine single file scan sites.  Both use a dozen or more well-known anti-malware scanners in a quick, easy scan with a report of results from all.

 -- Virus Total (10mb limit):  https://www.virustotal.com/gui/home/upload
 -- Jotti's Malware Scan (15mb limit):  http://virusscan.jotti.org/en 

In addition, the use of registry cleaners, system optimizers and the like are not recommended.  Modifying registry keys incorrectly can cause Windows instability or make Windows unbootable.  With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix.  Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities

5.  Avoid questionable web sites!

Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders.

Most of these drive-by attempts will be thwarted if you keep your Windows updated and your internet browser secured (see below). Nevertheless, it is very important only to visit web sites that are trustworthy and reputable

In addition, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is!

For more general information see the first section, "Educate yourself and be smart about where you visit and what you click on", in this tutorial by Grinler of BleepingComputer.

Must-Have Software

*NOTE*: Please only run one anti-virus and one anti-spyware program (in resident mode) and one firewall on your system. Running more than one of these at a time can cause system crashes and/or conflicts with each other.

6.  Antivirus

An Anti-Virus product is a necessity. There are many excellent programs that you can purchase as well as antivirus software programs free for personal use. In addition, Microsoft Defender comes pre-installed on both Windows 8.x and Windows 10.

Although there are excellent licensed antivirus programs, the following are antivirus software programs that are free for personal use: 
 
 -- Avast
 -- Avira
 -- Kaspersky Cloud
 -- Sophos

Please run only one antivirus resident at a time!

It is recommended to set your antivirus to receive automatic updates so you are always as fully protected as possible from the newest threats.

7.  Internet Browser

The latest Windows browser is Microsoft Edge, a chromium-based browser which eliminated BHO's (browser hijack objects) and ActiveX.  Although Internet Explorer was pre-installed on Windows 8 versions with the current version being Internet Explorer 11it is recommended that users of Internet Explorer change to Microsoft edge.  

For websites that still require Internet Explorer, see this Microsoft Support document:  Internet Explorer mode in Microsoft Edge.  Note also that Internet Explorer will reach end-of-life on June 15, 2022.  

Many malware infections install themselves by exploiting security holes in the Internet browser that you use. As a result, if you elect to use a third-party browser, it is extremely important to keep it updated.  Although not a complete list, third-party browsers include Brave, Firefox, Google Chrome, Opera, Pale Moon, and Vivaldi. 


8.  Firewall

It is critical that you use a firewall to protect your computer from hackers.  The built-in Windows firewall blocks both incoming and outbound and has made numerous improvements over the years, although it can be disabled in the registry by malware.

If you prefer to install a third-party firewall, locate the vendor site rather than a third-party hosting site. Pros and cons of free firewalls can be found here.  Please only use one firewall at a time!

Other Cleaning / Protection Software

Of the below-listed programs, passive protection like that provided by Malwaebytes Browser Guard and SpywareBlaster, can be used with active resident protection programs effectively.  For example, the free version of Malwarebytes' Anti-Malware is an on-demand scan and clean program that will also not conflict with resident protection, Spybot is also on-demand but has resident protection if the Teatimer function is used.

Only scan with one program at a time and should be run with a shutdown/restart between scans.


9.  Consider installing one of these additional programs

Malwarebytes Browser Guard -- Malwarebytes Browser Guard filters out annoying ads and scams while blocking trackers that spy on you.  However, it is only supported on Chrome, Edge and Firefox browsers.

SpywareBlaster is an excellent program that blocks spyware, adware, browser hijackers and dialers. Run the program, download the latest updates, "Enable All Protection" and you're done. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.

Don't forget to check SpywareBlaster for updates every few weeks.  See this helpful tutorial by Lawrence Abrams, Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware.


10.  Anti-Malware and Anti-Spyware Programs (Select one or two)

MalwareBytes' Anti-Malware
Spybot
SUPERAntiSpyware Free Edition




Happy safe computing!!

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

*Note:  The original version of this article was written in 2005 by Tony Klein and has been reproduced or linked to in thousands of locations. Tony is well known in the security community for his many contributions, including the CLSID List and "A Collection of Autostart Locations" hosted at the former Gladiator Antivirus site.

With permission from Tony, others in the security community as well as myself have continued updating it to include current operating systems and software program information.  It has come to my attention that updated copies of the article are no longer being maintained at many sites.

The above represents another update of the original "So how did I get infected in the first place?" ©Tony Klein.

Revised: TonyKlein,Oct 30 2005, 05:00 AM
Reproduced and edited with permission of the author.

(Updated 16September2021)
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, March 17, 2020

Adobe Acrobat DC and Reader DC Security Updates Released

Adobe
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Release date:  March 17, 2020
Vulnerability identifier: APSB20-13
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 20.006.20042.

 Update checks can be manually activated by choosing Help/Check for Updates. 
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References





Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...



Thursday, March 12, 2020

KB4551762 Released for WIndows 10 Versions 1903 and 1909 to Address CVE-2020-0796



Microsoft released KB4551762 to Address CVE-2020-0796.  From CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability:
"A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.

The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests."

KB 4551762:  This update is for Windows 10 Versions 1903 and 1909.

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, March 11, 2020

Adobe Flash Player Update Released


Adobe Flashplayer

Adobe released Version 32.0.0.344 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS. The update has important bug fixes.

Release date:  March 11, 2020
Vulnerability identifier:  None
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Tuesday, March 10, 2020

    Microsoft March 2020 Security Updates



    The Microsoft March security updates have been released and consist of 115 CVEs. Of these 26 CVEs, rated Critical, 88 Important, and 1 rated Important in severity. None of the bugs being patched are listed as being publicly known or under active attack at the time of release.

    The updates apply to the following:  Microsoft Windows, Microsoft Edge(EdgeHTML-based), Microsoft Edge (Chromium-based), ChakraCore, Internet Explorer, Microsoft Exchange Server, Microsoft Office and Microsoft Office Services and Web Apps, Azure DevOps, Windows Defender, Visual Studio, Open Source Software, Azure, and Microsoft Dynamics.

    As of the time of this posting, Adobe has not released updates for Flash Player.

    The KBs listed below contain information about known issues with the security updates.

    Known Issues

    4538032 Visual Studio
    4538461 Windows 10 Version 1809, Windows Server 2019
    4540123 Microsoft Exchange Server
    4540670 Windows 10, version 1607, Windows Server 2016
    4540671 Internet Explorer
    4540673 Windows 10, version 1809, Windows Server version 1809, Windows 10, version 1809, Windows Server version 1809
    4540688 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
    4540694 Windows Server 2012 (Security-only update)
    4541500 Windows 7, Windows Server 2008 R2 (Security-only update)
    4541504 Windows Server 2008 (Security-only update)
    4541505 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4541506 Windows Server 2008 Service Pack 2 (Monthly Rollup)
    4541509 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4541510 Windows Server 2012 (Monthly Rollup)

    Recommended Reading:  

    See Dustin Childs review and analysis in Zero Day Initiative — The March 2020 Security Update Review.

    For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

    Additional Update Notes:

    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
    • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSU's in Servicing Stack Updates (SSU)
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • Windows Update History:

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...





    Mozilla Firefox Version 74.0 Released With Security Updates

    Firefox

    Mozilla sent Firefox Version 74.0 to the release channel today.  The update included twelve (12) security updates of which five (5) are high, six (6) are moderate and one (1) are rated low.

    Also released was Firefox ESR Version 68.6.

    High


    Moderate


    Low

    New

    • Your login management has improved with the ability to reverse alpha sort (Name Z-A) in Lockwise, which you can access under Logins and Passwords.
    • Firefox now makes importing your bookmarks and history from the new Microsoft Edge browser on Windows and Mac simple.
    • Add-ons installed by external applications can now be removed using the Add-ons Manager (about:addons). Going forward, only users can install add-ons; they cannot be installed by an application.
    • Facebook Container prevents Facebook from tracking you around the web - Facebook logins, likes, and comments are automatically blocked on non-Facebook sites. But when we need an exception, you can now create one by adding custom sites to the Facebook Container.
    • Firefox now provides better privacy for your web voice and video calls through support for mDNS ICE by cloaking your computer’s IP address with a random ID in certain WebRTC scenarios.

    Fixed

    • We have fixed issues involving pinned tabs such as being lost. You should also no longer see them reorder themselves.

    Changed

    • When a video is uploaded with a batch of photos on Instagram, the Picture-in-Picture toggle would sit atop of the “next” button. The toggle is now moved allowing you to flip through to the next image of the batch.
    • On Windows, Ctrl+I can now be used to open the Page Info window instead of opening the Bookmarks sidebar. Ctrl+B still opens the Bookmarks sidebar making keyboard shortcuts more useful for our users.
    • We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.
    Update:  To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Sunday, March 01, 2020

    Pale Moon Version 28.8.4 Released with Security Update


    Pale Moon
    Pale Moon has been updated to version 28.8.4The update is a small web compatibility and security update.  Linux versions will follow shortly.

    The update includes a DiD ("Defense-in-Depth") update.  A DiD update is s a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

    From the Release Notes:

    Changes/fixes:
    • Implemented optional catch binding (ES2019).
    • Fixed a hazardous crash related to module scripting.

    UpdateTo get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and  Check for Updates.




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...