Tuesday, June 30, 2020

Mozilla Firefox Version 78.0 Released

Mozilla sent Firefox Version 78.0 to the release channel today.  The update reportedly includes security updates but no information has been provided as of the time of this post.

Also released was Firefox ESR Version 68.10.0.


New
  • The Protections Dashboard includes consolidated reports about tracking protection, data breaches, and password management. New features let you:
    • Track how many breaches you’ve resolved right from the dashboard
    • See if any of your saved passwords may have been exposed in a data breach
    To view your dashboard, type about:protections into the address bar, or select “Protections Dashboard” from the main menu.
  • Because we know people try to fix problems by reinstalling Firefox when a simple refresh is more likely to solve the issue, we’ve added a Refresh button to the Uninstaller.
  • With this release, your screen saver will no longer interrupt WebRTC calls on Firefox, making conference and video calling in Firefox better.
  • We’ve rolled out WebRender to Windows users with Intel GPUs, bringing improved graphics performance to an even larger audience.
  • Firefox 78 is also our Extended Support Release (ESR), where the changes made over the course of the previous 10 releases will now roll out to our ESR users. Some of the highlights are:
    • Kiosk mode
    • Client certificates
    • Service Worker and Push APIs are now enabled
    • The Block Autoplay feature is enabled
    • Picture-in-picture support
    • View and manage web certificates in about:certificate
  • Pocket recommendations, featuring some of the best stories on the web, will now appear on the Firefox new tab for 100% of our users in the UK. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.

Fixed
  • We fixed bugs in the search results quality composition and improved search result texts based on recommendations by our partners.

Changed

  • The minimal system requirements on Linux have been updated. Firefox now needs GNU libc 2.17, libstdc++ 4.8.1 and GTK+ 3.14 or newer versions.
  • As part of our ongoing effort to deprecate obsolete cryptography, we have disabled all remaining DHE-based TLS ciphersuites by default.
    • To mitigate web compatibility issues from disabling DHE-based TLS ciphersuites, Firefox 78 enables two more AES-GCM SHA2-based ciphersuites.
  • We have disabled TLS 1.0 and TLS 1.1 to improve your website connections. Sites that don't support TLS version 1.2 will now show an error page.
  • The context menu (accessed by right clicking on a tab) lets you undo multiple tab closings with a single click and places Close Tabs to the Right and Close Other Tabs in a submenu.
  • A number of accessibility improvements have been made with this release.
    • When using the JAWS screen reader, pressing the down arrow in an HTML input control with a datalist no longer incorrectly moves the cursor to the next element after the input control.
    • Screen readers no longer severely lag or freeze when focusing the microphone/camera/screen sharing indicator.
    • Large tables with thousands of rows now load much faster for screen reader users.
    • Text input controls with custom styling now correctly show the focus outline when appropriate.
    • Screen readers no longer sometimes incorrectly switch to document browsing mode unexpectedly when the user enters the main Developer Tools window.
    • We reduced a number of animations such as tab hover, search bar expansion, and others to reduce motion for users with migraines and epilepsy.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, June 09, 2020

Microsoft June 2020 Security Updates



The Microsoft June security updates have been released and consist of 129 CVEs.  Of these 129 CVEs, 11 are rated Critical and 118 are rated Important in severity.

The updates apply to the following:  Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Edge (Chromium-based) in IE Mode, Microsoft ChakraCore, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Visual Studio, Azure DevOps, HoloLens, Adobe Flash Player, Microsoft Apps for Android, Windows App Store, System Center, and Android App.

The KBs listed below contain information about known issues with the security updates.

| KB Article | Applies To |
| --- | --- |
| 4560960 | Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909 |
| 4561608 | Windows 10 Version 1809, Windows Server 2019 |
| 4561616 | Windows 10, version 1607, Windows Server 2016 |
| 4561643 | Windows 7, Windows Server 2008 R2 (Monthly Rollup) |
| 4561645 | Windows Server 2008 (Security-only update) |
| 4561669 | Windows 7, Windows Server 2008 R2 (Security-only update) |
| 4561670 | Windows Server 2008 (Monthly Rollup) |

Recommended Reading:  

See Dustin Childs' review and analysis in Zero Day Initiative — The June Security Update Review.

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

Additional Update Notes:

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above. Note, however, that there are no Adobe Flash Player security updates for ActiveX.
  • MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
  • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSUs in Servicing Stack Updates (SSU).
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.

Adobe Flash Player Critical Security Update Released


Adobe released Version 32.0.0.387 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Release date:  June 9, 2020
Vulnerability identifier:  APSB20-30
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

Friday, June 05, 2020

Pale Moon Version 28.10.0 Released With Security Updates

Pale Moon version 28.10.0 has been released.  The update is a development, bugfix and security update.  Linux versions will follow shortly.

The update includes DiD ("Defense-in-Depth") updates.  A DiD update is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

From the Release Notes:

Changes/fixes:
  • Implemented URLSearchParams' sort() function
  • Implemented ES2020 globalThis for web compatibility
  • Improved our WebM media parser to be more tolerant to different encoding styles.
  • Improved our MP3 media parser to be more tolerant to different encoding styles and particularly tiny files/stream chunks.
  • Improved performance of table drawing for more corner cases
  • Changed the way images without a src are handled in page layouts to align with the Chrome-pushed spec.
  • Added modern MIPS support
  • Split out the ICU data file from xul.dll on Windows
  • Fixed a regression in WebAudio channel handling due to a landed security fix.
  • Fixed a regression preventing scripting from properly disabling input controls
  • Fixed an issue with border radius sometimes not being honored in tables
  • Fixed some build issues in non-standard configurations.
  • Removed more telemetry code
  • Removed the in-browser speech recognition engine and API
  • Removed support for the obsolete and unmaintained NVidia 3DVision stereoscopic interface.
  • Changed handling of braille blanks in the ui (CVE-2020-12409) DiD
  • Mitigated a potential timing attack against DSA keys in NSS (CVE-2020-12399)
  • Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 1 defense-in-depth, 8 not applicable.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Click About Pale Moon and Check for Updates.



Wednesday, June 03, 2020

Mozilla Firefox Version 77.0.1 Released

Mozilla sent Firefox Version 77.0.1 to the release channel today.

At the time of this posting, Firefox ESR remains at Version 68.9.

Fixed

  • Disabled automatic selection of DNS over HTTPS providers during a test to enable wider deployment in a more controlled way (bug 1642723)

Tuesday, June 02, 2020

Adobe Releases Another Optional Hotfix for Adobe Acrobat DC and Reader DC

Adobe has released an optional hotfix for Adobe Acrobat and Reader for Windows and macOS that addresses some important bug fixes.

Release date:  June 2, 2020
Vulnerability identifier: None
Platform: Windows and macOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 20.009.20067.

Update checks can be manually activated by choosing Help/Check for Updates.
Note: Uncheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Mozilla Firefox Version 77.0 Released With Security Updates

Mozilla sent Firefox Version 77.0 to the release channel today.  The update included seven (7) security updates of which five (5) are high, one (1) moderate and one (1) is low in severity.

Also released was Firefox ESR Version 68.9.

High

Moderate

Low

New
  • Pocket recommendations, featuring some of the best stories on the web, will appear on the Firefox new tab for our users in the UK. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.
  • WebRender continues its roll out to more Firefox for Windows users, now available by default on Windows 10 laptops running on Nvidia GPUs with medium (<= 3440x1440) and large screens (> 3440x1440).
  • You can view and manage web certificates more easily on the new about:certificate page.
