Tuesday, November 24, 2020

Pale Moon Version 28.16.0 Released With Security Updates


Pale Moon has been updated to version 28.16.0.  This is a development and security update.

Note: Included in the updates are DiD* patches.

*DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

Note for Linux users: With CentOS 6 going end-of-life, this version will be the last for which we will be building 32-bit Linux official binaries to download. While your distribution may choose to continue offering 32-bit versions of the browser, built from source by the maintainers, we won't be offering any further official 32-bit Linux binaries on our website. Please check with your distribution's package maintainers to know if further 32-bit support will be available on your particular flavor of Linux.

Changes/fixes:

  • Aligned CSS tab-size with the specification and un-prefixed it.
  • Updated Brotli library to 1.0.9.
  • Updated JAR lib code.
  • Optimized UI code, resulting in smaller downloads and less space consumed on disk.
  • Changed the default Firefox Compatibility version number to 68.0 (since versions ending in .9 make some frameworks unhappy, refusing access to users).
  • Cleaned up HPKP leftovers.
  • Disabled the DOM filesystem API by default.
  • Removed Phone Vibrator API.
  • Fixed an issue where the software uninstaller would not remove the program files it should.
  • Fixed a devtools crash related to timeline snapshots.
  • Fixed an issue in Skia that could cause unsafe memory access. DiD
  • Fixed several data race conditions. DiD
  • Fixed an XSS vulnerability where scripts could be executed when pasting data into on-line editors.
  • Linux: Fixed an overflow issue in freetype.
  • Security issues addressed: CVE-2020-26960, CVE-2020-26951, CVE-2020-26956, CVE-2020-15999 and several others that do not have a CVE designation.
  • Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 4 defense-in-depth, 3 rejected, 20 not applicable.

Implementation notes:
  • Windows binaries should all be properly code-signed again.
  • The uninstaller issue might only appear if you have not used the internal updater to update the browser after installation.
  • The DOM Filesystem and dir picker APIs are, in practice, not used on websites. We've disabled these web-exposed APIs because they are not entirely without potential risk, and intend to remove them in a future version unless there is a demonstrable need to keep them as optional (unsupported) APIs in the platform.
  • One of the rejected security patches deals with entering a single word in the address bar. Standard browser behavior in that situation is for browsers to do a normal network lookup of that word in case it is a LAN machine name (other browsers also do this) which may "leak" your entered search term to the LAN. If you want to avoid this, please always use the search box for entering web searches, as it's unambiguous what to do with single words in that case.

 Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Monday, November 23, 2020

Adobe Acrobat and Reader Optional Hotfix Released


Adobe has released an optional hotfix for Adobe Acrobat and Reader for Windows and macOS that addresses some important bug fixes.


Release date:  November 23, 2020
Vulnerability identifier: None
Platform: Windows and MacOS

Bug fixes

Browser:
  • 4317476: Performance issues while loading PDFs in IE Browser and SAP tools
  • 4317186: IE Browser & SAP tools crashing when opening second PDF

Update or Complete Download

Reader DC and Acrobat DC were updated to version 20.013.20066.

 Update checks can be manually activated by choosing Help/Check for Updates. 

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


Tuesday, November 17, 2020

Mozilla Firefox Version 83.0 Released with Security Updates


Mozilla sent Firefox Version 83.0 to the release channel today.  The update includes seven security updates of which four (4) are rated high, eleven (11) moderate and six (6) rated low.

Firefox ESR was updated to Version 78.5.

High

Moderate

Low

New

  • Firefox keeps getting faster as a result of significant updates to SpiderMonkey, our JavaScript engine; you will now experience improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%. We have replaced part of the JavaScript engine that helps to compile and display websites for you, improving security and maintainability of the engine at the same time.

  • Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures that every connection Firefox makes to the web is secure and alerts you when a secure connection is not available. You can enable it in Firefox Preferences.

  • Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages.

  • Picture-in-Picture now supports keyboard shortcuts for fast forwarding and rewinding videos: use the arrow keys to move forward and back 15 seconds, along with volume controls. For a list of supported commands, see Support Mozilla.

  • When you are presenting your screen on a video conference in Firefox, you will see our improved user interface that makes it clearer which devices or displays are being shared.

  • We’ve improved functionality and design for a number of Firefox search features:

    • Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click.
    • When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results.
    • We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history.
  • Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look.

  • Our users in India on the English build of Firefox will now see Pocket recommendations in their new tab featuring some of the best stories on the web. If you don’t see them, you can turn on Pocket articles in your new tab by following these steps.

  • For the recently released Apple devices built with Apple Silicon CPUs, you can use Firefox 83 and future releases without any change. This release (83) will support emulation under Apple’s Rosetta 2 that ships with macOS Big Sur. We are working toward Firefox being natively-compiled for these CPUs in a future release.

  • This is a major release for WebRender as we roll out to more Firefox users on Windows 7 and 8 as well as on macOS 10.12 to 10.15.

Fixed

  • This release also includes a number of accessibility fixes:

    • Screen reader features which report paragraphs now correctly report paragraphs instead of lines in Google Docs
    • When reading by word using a screen reader, words are now correctly reported when there is punctuation nearby
    • The arrow keys now work correctly after tabbing in the picture-in-picture window
  • For users on macOS restoring a session with minimized windows, Firefox now uses much less power and you should see much longer battery life.


Wednesday, November 11, 2020

Lest We Forget

The "eleventh hour of the eleventh day of the eleventh month" of 1918.  Whether you call it Veteran's Day, Armistice Day or Remembrance Day, November 11th is a time to put aside politics and pay tribute to all who died for their country.  It is also a perfect time to thank the Veterans in whatever country you live in.

As in previous years, I am republishing a portion of my friend Canuk's last tribute and, once again, adding a special thank you to my friends Mitch the "Phantom Phixer" and Larry, "Ghost".

The comment Canuk posted provides one example of why he was a special person:
"I too "will remember your friends who never had a full life", while thanking you and your comrades who have served with pride, honesty and honour."
LEST WE FORGET




We Shall Keep the Faith by Moina Michael, November 1918

Oh! you who sleep in Flanders Fields,
Sleep sweet - to rise anew!
We caught the torch you threw
And holding high, we keep the Faith
With All who died.

We cherish, too, the poppy red
That grows on fields where valor led;
It seems to signal to the skies
That blood of heroes never dies,
But lends a lustre to the red
Of the flower that blooms above the dead
In Flanders Fields.

And now the Torch and Poppy Red
We wear in honor of our dead.
Fear not that ye have died for naught;
We'll teach the lesson that ye wrought
In Flanders Fields.

Flags courtesy of 3DFlags.com








Tuesday, November 10, 2020

Microsoft November 2020 Security Updates



The Microsoft November security updates have been released and consist of 112 CVEs.  Of these 112 CVEs, 17 are rated Critical, 93 are rated Important and 2 are rated low in severity.  

The updates apply to the following:  Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Internet Explorer, Microsoft Edge (EdgeHTML-based), Microsoft Edge (Chromium-based), ChakraCore, Microsoft Exchange Server, Microsoft Dynamics, Microsoft Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, Azure SDK, Azure DevOps, and Visual Studio.

An update to ADV990001 includes information on the new versions of Servicing Stack.  For information about Servicing Stack updates see Servicing Stack Updates (SSU).

The KBs listed below contain information about known issues with the security updates. 

KB Article Applies To
4486714 SharePoint Server 2019
4486717 SharePoint Server 2016
4586781 Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2, Windows Server version 20H2
4586786 Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4586793 Windows 10 Version 1809, Windows Server 2019
4586805 Windows 7, Windows Server 2008 R2 (Security-only update)
4586807 Windows Server 2008 (Monthly Rollup)
4586808 Windows Server 2012 (Security-only update)
4586817 Windows Server 2008 (Security-only update)
4586823 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4586827 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4586830 Windows 10, version 1607, Windows Server 2016
4586834 Windows Server 2012 (Monthly Rollup)
4586845 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4588741 Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, Microsoft Exchange Server 2019

Recommended Reading 

See Dustin Childs' review and analysis in Zero Day Initiative — The November Security Update Review.

For more information about the updates released today, see the new version of the Security Update Guide, described here.

Additional Update Notes:

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
  • MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
  • Servicing Stack Updates -- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Learn more about SSUs in Servicing Stack Updates (SSU).
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • Windows Update History:






Adobe Flash Player Update Released


Adobe released Version 32.0.0.453 of Adobe Flash Player for Windows, macOS, Linux and Chrome OS with important bug fixes.

Release date:  November 10, 2020
Vulnerability identifier:  None
Platform:  Windows, Macintosh, Linux and Chrome OS
 

From the Release Notes:

Flash Player End of Life Information
As previously announced in July 2017, Adobe will stop updating and distributing Flash Player after December 31, 2020.  We made this announcement in collaboration with several of our technology partners – including Apple, Facebook, Google, Microsoft and Mozilla.  Adobe will continue issuing regular Flash Player security patches while maintaining operating system and browser compatibility through the end of 2020.  For general information on the Adobe Flash Player EOL, please see our FAQ.  More information on Flash support options for enterprise customers is available here.

Update:
*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

Monday, November 09, 2020

Mozilla Firefox Version 82.0.3 Released With Critical Security Update


Mozilla sent Firefox Version 82.0.3 to the release channel today to fix a critical security vulnerability.  Firefox ESR was updated to Version 78.4.1.

Critical


Tuesday, November 03, 2020

Adobe Acrobat DC and Reader DC Security Updates Released

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Release date:  November 3, 2020
Vulnerability identifier: APSB20-67
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 20.013.20064. Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.
