Wednesday, September 30, 2020

Pale Moon Version 28.14.1 Released


Pale Moon has been updated to version 28.14.1.

From the Release Notes:  This update addresses an intermittent crash in the newly-implemented ResizeObserver API (introduced in 28.14.0) occurring on a number of high-profile and often-used websites.

Pale Moon includes both 32- and 64-bit versions for Windows.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, September 29, 2020

Pale Moon Version 28.14.0 Released With Security Updates


Pale Moon has been updated to version 28.14.0. The update is a development and security update.  Linux versions will follow shortly.

Note: Included in the updates are DiD* patches.
*DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

From the Release Notes:

Changes/fixes:

  • Updated the browser identity code for website security to more clearly indicate website status.
    A detailed explanation is available on the forum and beyond the scope of these release notes.
  • Updated unofficial branding to be more generic and more clearly separate unofficial builds from Pale Moon as a product.
    Please note that this goes hand in hand with an update of our redistribution license, and from this point forward any "New Moon" products are to be considered separate, and not unofficial Pale Moon builds or in any way related to or affiliated with Pale Moon, despite the similarity in name.
  • Added a preference (signon.startup.prompt) to give users the option to ask for the Master Password the moment the application starts (before the main window opens). This allows a workaround for getting multiple Master Password prompts if individual components need access to the password store at the same time.
  • Changed the way download sources are displayed to always use the actual domain downloads are from. In some situations the browser would previously display the domain of the referring page in an inconsistent fashion.
  • Implemented the ES2019 Object.fromEntries() utility function.
  • Implemented the CSS flow-root keyword.
  • (Re-)implemented percentage-based CSS opacity values according to the updated spec.
  • Implemented the last few missing bits for a standards-compliant implementation of JavaScript modules (preloading, resource: scheme, etc.).
  • Implemented the ResizeObserver DOM API.
  • Fixed a null crash on some websites using CSS clip paths.
  • Updated script handling inside SVGs to only run scripts if they are enabled and permitted, avoiding a potential XSS pitfall.
  • Fixed several memory safety hazards and crashes.
  • Updated the MediaQueryList interface to the updated spec. It now inherits from EventTarget and implements AddEventListener/RemoveEventListener in addition to AddListener/RemoveListener and should improve web compatibility for some sites.
  • Removed support for the archaic and non-standard <marquee> element.
  • Removed some leftovers from the discontinued plugin update checker service.
  • Removed some internal HPKP implementation leftovers.
  • Cleaned up the Windows widget code to reduce potentially vulnerable direct-dll loads.
  • Security issues fixed: CVE-2020-15676 and CVE-2020-15677
  • Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 1 defense-in-depth, 7 not applicable.

Pale Moon includes both 32- and 64-bit versions for Windows.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.






Thursday, September 24, 2020

Optional Hotfix Released for Adobe Acrobat and Reader


Adobe has released an optional hotfix for Adobe Acrobat and Reader for Windows and macOS that addresses some important bug fixes.

Release date:  September 24, 2020
Vulnerability identifier: None
Platform: Windows and macOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 20.012.20048.

Update checks can be manually activated by choosing Help/Check for Updates.
Note: Uncheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


Tuesday, September 22, 2020

Mozilla Firefox Version 81.0 Released With Security Updates



Mozilla sent Firefox Version 81.0 to the release channel today.  The update includes ten security updates, of which four (4) are rated high and three (3) are rated moderate.

At the time of this posting, there is no update for Firefox ESR Version 68.12 and based on the Rapid Release Calendar, it appears it may have reached EOL and the current ESR Version is 78.3, available from here.

New

  • You can pause and play audio or video in Firefox right from your keyboard or headset, giving you easy access to control your media when in another Firefox tab, another program, or even when your computer is locked.
  • In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences.
  • For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. To ensure the smoothest experience, this will be rolling out to users gradually.
  • Firefox supports AcroForm, which will soon allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look.
  • Our users in Austria, Belgium and Switzerland using the German version of Firefox will now see Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps. In addition to Firefox’s new tab, Pocket is also available as an app on iOS and Android.

Fixed
  • We’ve fixed a bug for users of language packs where the default language was reset to English after Firefox updates.
  • Browser native HTML5 audio/video controls received several important accessibility fixes:
    • Audio/video controls remain accessible to screen readers even when they are temporarily hidden visually.
    • Audio/video elapsed and total time are now accessible to screen readers where they weren't previously.
    • Various unlabelled controls are now labelled making them identifiable to screen readers.
    • Screen readers no longer intrusively report progress information unless the user requests it.

Changed

  • You will soon find Picture-in-Picture more easily on all the videos you watch with new iconography.
  • The bookmarks toolbar is now automatically revealed once bookmarks are imported into Firefox, making it easier to find your most important websites.
  • We have expanded our supported file types - .xml, .svg, and .webp - so files you’ve downloaded can be opened right in Firefox.


Tuesday, September 08, 2020

Microsoft September 2020 Security Updates



The Microsoft September security updates have been released and consist of 129 CVEs.  Of these 129 CVEs, 23 are rated Critical, 105 are rated Important and 1 is rated moderate in severity.  

The updates apply to the following:  Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Edge (Chromium-based), Microsoft ChakraCore, Internet Explorer, SQL Server, Microsoft JET Database Engine, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Microsoft Exchange Server, ASP.NET, Microsoft OneDrive, and Azure DevOps.

An update to ADV990001 includes information on the new versions of Servicing Stack.  For information about Servicing Stack updates see Servicing Stack Updates (SSU).

The KBs listed below contain information about known issues with the security updates. 

KB Article Applies To
4484488 SharePoint Foundation 2013
4484515 SharePoint Enterprise Server 2013
4486667 SharePoint Foundation 2010
4570333 Windows 10 Version 1809, Windows Server 2019
4571756 Windows 10, version 2004
4577015 Windows 10, version 1607, Windows Server 2016
4577038 Windows Server 2012 (Monthly Rollup)
4577048 Windows Server 2012 (Security-only update)
4577051 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4577053 Windows 7, Windows Server 2008 R2 (Security-only update)
4577064 Windows Server 2008 Service Pack 2 (Monthly Rollup)
4577066 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4577070 Windows Server 2008 Service Pack 2 (Security-only update)
4577071 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4577352 Exchange Server 2019, Exchange Server 2016

Recommended Reading:  

See Dustin Childs' review and analysis in Zero Day Initiative — The September Security Update Review.

For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box.

Additional Update Notes:

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above. Note, however, that there are no Adobe Flash Player security updates for ActiveX.
  • MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
  • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSUs in Servicing Stack Updates (SSU).
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.






Adobe Flash Player Update



Adobe released Version 32.0.0.433 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS with assorted bug fixes.

Release date:  September 8, 2020
Vulnerability identifier:  None
Platform:  Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.










    Friday, September 04, 2020

    Pale Moon Version 28.13.0 Released With Security Updates


    Pale Moon has been updated to version 28.13.0. The update is a compatibility, bugfix and security update.  Linux versions will follow shortly.

    Note: Included in the updates are DiD* patches.
    *DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

    From the Release Notes:

    Changes/fixes:
    • Updated the included site-specific user-agent overrides for a number of websites that need them.
    • Rewritten the browser's padlock code to use more modern APIs and provide more accurate security status indication.
      Now also with localized tooltips!
    • Fixed a missing close button on the undo prompt after removing a thumbnail from the QuickDial new tab page.
    • Fixed an issue with the alternative stylesheet menu in the browser's UI not working.
    • Implemented the use of intrinsic aspect ratios for images to improve layout during load and page positioning.
    • Added a preference for the use of node.getRootNode and disabled it by default. See implementation notes.
    • Added CSS -webkit-appearance as an alias for -moz-appearance to improve compatibility with websites that only try to use Chrome-specific keywords to style standard form elements.
    • Updated the SQLite library to 3.33.0.
    • Reinstated precise floating point precision model in JavaScript for those alternate builders who foolishly try to use the inaccurate "fast" model.
    • Improved spec compliance of modular JavaScript use (ECMAScript modules).
    • Changed media errors to be a more generic response, and added a preference (media.sourceErrorDetails.enabled) to enable detailed error reporting of media errors for debugging purposes.
      Previously, detailed errors were provided by default which could lead to privacy issues.
    • Improved code stability of the AbortController implementation.
    • Fixed a race condition in the secure connection library (NSS).
    • Security issues fixed: CVE-2020-15664, CVE-2020-15666, CVE-2020-15667, CVE-2020-15668 and CVE-2020-15669.
    • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 1 defense-in-depth, 1 rejected, 9 not applicable.
    Implementation notes:

    • In 28.11.0 we introduced node.getRootNode because some websites would fail with an error if this function was not present. Unfortunately, this caused problems with other sites that (incorrectly) assume Google WebComponents are available when this utility function is present (feature detection gone wrong). While it is considered by some to be part of the Google WebComponents implementation, it actually has utility value outside of that use. Because of the problems caused, we've added a preference and disabled it by default, fixing these kinds of websites.
      When needed, you can re-enable this function with dom.getRootNode.enabled
      This should improve web compatibility by default yet still allow users to enable this function for websites that use its utility but do not use WebComponents.
    Pale Moon includes both 32- and 64-bit versions for Windows.

    Update

    To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.






    Thursday, September 03, 2020

    Microsoft Cumulative Update for Windows 10 Version 2004



    Microsoft released a cumulative update with non-security improvements and fixes for Windows 10 Version 2004. 

    The update addresses a long list of issues, of which the following are identified as highlights:
    • Updates an issue that might prevent ActiveX content from loading.
    • Updates an issue that might cause apps that use the custom text wrapping function to stop working in certain scenarios. 
    • Updates an issue to reduce the likelihood of missing fonts. 
    • Updates an issue that prevents users from reducing the size of a window in some cases. 
    • Updates an issue that causes the touch keyboard to close when you touch any key. 
    • Provides the ability for Dolby Atmos for Headphones and DTS Headphone: X to be used in 24-bit mode on devices that support 24-bit audio.
    • Updates an issue with a blurry sign in screen. 
    • Updates an issue with Windows Update becoming unresponsive when checking for updates. 
    • Updates an issue that causes File Explorer to stop working when you browse directories of raw images and other file types. 
    • Improves the tablet experience for convertible or hybrid devices in docked scenarios. 
    • Improves the user experience of the Windows Hello enrollment pages for face and fingerprint setup. 
    • Updates an issue that prevents you from unlocking a device if you typed a space before the username when you first signed in to the device. 
    • Updates an issue that causes applications to take a long time to open.
    • Addresses an issue that prevents apps from downloading an update or opening in certain scenarios. 
    • Updates an issue that causes Microsoft Office applications to close unexpectedly when using a Korean IME.
    • Updates time zone information for the Yukon, Canada. 
    The complete list of improvements and fixes can be found in KB4571744.

    To download and install the update, go to Settings -> Update and Security ->  Windows Update and select Check for updates.  The standalone package for this update is available in the Microsoft Update Catalog.  In addition, with Windows Update, the latest SSU (KB4570334) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.


    Tuesday, September 01, 2020

    Mozilla Firefox Version 80.0.1 Released


    Mozilla sent Firefox Version 80.0.1 to the release channel today with a number of bug fixes. 

    At the time of this posting, Firefox ESR remains at Version 68.12.



    Fixed
      • Fixed a performance regression when encountering new intermediate CA certificates (bug 1661543)
      • Fixed crashes possibly related to GPU resets (bug 1627616)
      • Fixed rendering on some sites using WebGL (bug 1659225)
      • Fixed the zoom-in keyboard shortcut on Japanese language builds (bug 1661895)
      • Fixed download issues related to extensions and cookies (bug 1655190)
