Tuesday, April 27, 2021

Pale Moon Version 29.2.0 Released With Change to Extension Support



Pale Moon has been updated to version 29.2.0.  This is a development and bugfix release.  Linux versions will follow soon.

Important Note:

Starting with this version, Pale Moon will no longer support unmaintained legacy Firefox extensions that are not updated for/targeting Pale Moon directly.  To check if you have extensions that are unmaintained legacy extensions, go to Tools > Add-ons > Extensions.  The extension name will be in red followed by a notification and a link to this forum post for details. 

Changes/fixes:
  • When opening tabs from the History side bar, Pale Moon will now warn you about the action if it would result in opening many tabs at once.
  • Pale Moon now offers "Open All in Tabs" on bookmark folders even if there is only one sub-item in it, for UI consistency.
  • Added media format controls in the Content category of Preferences.
  • Added controls for preferred color scheme. See implementation notes.
  • Updated several site-specific user-agent overrides for web compatibility.
  • Removed the ability to accept Firefox IDs for extension installation.
  • Removed conditional Macintosh code from the application front-end.
  • Updated the AV1 reference library to 2.0.
  • Cleaned up more Android code from the platform.
  • Updated the embedded emoji font to cater to even more race-dependent profession emoji.
  • Fixed an overflow in clip paths, potentially causing them to be rendered incorrectly.
  • Added CSS values smooth, high-quality and pixelated to the image-rendering keyword.
  • Implemented Intl.NumberFormat.formatToParts() to allow deconstruction of localized number formats by scripts.
  • Reinstated the dom.details_element.enabled preference and fixed a rendering issue with summary/details html elements.
  • Fixed an issue with CSP .nonce attributes on elements.
  • Security issues addressed: CVE-2021-29946 DiD and CVE-2021-23994 DiD.
  • Unified XUL Platform Mozilla Security Patch Summary: 2 DiD, 14 not applicable.

*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Implementation notes:
This version adds support for the prefers-color-scheme CSS keyword. This keyword is a media query keyword that indicates to websites whether your content styling preference is "light" or "dark". Unlike other browsers where this will be tied to your system color scheme and determined automatically (which might be a point on which you can be fingerprinted, so this would be a privacy concern), we've decided to give the user control through Preferences -> Content -> Colors where you will find a new control to indicate your user preference (it defaults to "light" for everyone). While this control also gives you the option to disable this feature and effectively not support the keyword, be aware that this might cause issues on some websites that do not provide styling for "unspecified" color scheme preferences.
In the future we may add an "automatic" option similar to other browsers in case you regularly switch your system application style from light to dark and v.v.

Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Friday, April 23, 2021

Update to Adobe Acrobat and Reader Optional Hotfix Released

Adobe released another optional hotfix for Adobe Acrobat DC and Adobe Reader DC for Windows and macOS that addresses important bug fixes.

Release date:  April 16, 2020
Vulnerability identifier: None
Platform: Windows and macOS

Bug fixes
 
Browser
  • 4327498: Unable to open FDF from web app
Security-Signatures
  • 4327765: Acrobat and Reader generates incorrect signature data for Elliptical curve signatures when Elliptical Certificate is stored in Windows Certificate store.

Update

The version for Windows was updated to 21.001.200150 but remained at 21.001.20149 for Macs.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates. 


Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.



Thursday, April 22, 2021

Microsoft C Release Preview for Windows 10 Version 1909

Microsoft released the monthly “C” release preview cumulative update with non-security improvements and fixes for Windows 10 Version 1909.  As described in Group configuration: news and interests on the Windows taskbar, "News and Interests" is starting to roll out today and is included in today's Cumulative Update Preview for Version 1909.  Additional information about this addition is available in the referenced article.

In addition to improvements and fixes listed in KB5001396 highlights include the following:

  • Updates an issue that causes blank tiles to appear on the Start menu with names such as “ms-resource:AppName” or "ms-resource:appDisplayName".

  • Adds the ability to adjust the amount of idle time before a headset goes to sleep in the Settings app for Windows Mixed Reality. 

  • Updates an issue that generates a stop error when you delete a file or folder from locations that sync with Microsoft OneDrive. 

Prerequisite:

You must install the April 13, 2021 servicing stack update (SSU) (KB5001406) or the latest SSU (KB5003155) before installing the latest cumulative update (LCU). For additional information, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.

To download and install the update, go to Settings -> Update and Security -> Windows Update and select Check for updates. To get the standalone package for this update, go to the Microsoft Update Catalog website.


For information about the types of updates released by Microsoft each month, see Windows 10 update servicing cadence primer.

Important Note: Windows 10 1909 is reaching the end of service on May 11th, 2021, for devices running the Home, Pro, Pro for Workstation, and Server SAC editions and will no longer receive security updates.

Windows 10 update history








Tuesday, April 20, 2021

Oracle Java Updates Released


Oracle released the scheduled security updates for its Java SE Runtime Environment software.  

Important:  The Edge browser does not support plug-ins.  In the event you still have a need for Java, it will be necessary to use Firefox or open with Internet Explorer by selecting the "More Actions" option located at the top of the Edge browser and then clicking "Open with Internet Explorer".  (See Windows 10 and Java.)

Update

If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Download Information

Java SE Runtime Environment Version 8u291:  https://www.oracle.com/java/technologies/javase-jre8-downloads.html or https://java.com/en/download/manual.jsp.

Notes:

  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
  • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
  • Verify your version: http://www.java.com/en/download/testjava.jsp.   Note:  The Java version verification page will only work if your browser has NPAPI support.  If it does not, open a cmd window and enter the following to check the version (note the space following Java):  java -version

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows
  • 20 July 2021 
  • 19 October 2021 
  • 18 January 2022
  • 19 April 2022

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and little-publicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:
  1. Launch the Windows Start menu
  2. Click on Programs
  3. Find the Java program listing
  4. Click Configure Java to launch the Java Control Panel
  5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
  6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml





Monday, April 19, 2021

Mozilla Firefox Version 88.0 Released With Security Updates


Mozilla sent Firefox Version 88.0 to the release channel today.  The update includes ten security updates of which five (5) are rated high, six (6) moderate and two (2) rated low.

 

Firefox ESR was updated to Version 78.10.

 

High

 

Moderate

 

 

Low

 

 

New
 

  • PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features.
  • Print updates: Margin units are now localized.
  • Smooth pinch-zooming using a touchpad is now supported on Linux
  • To protect against cross-site privacy leaks, Firefox now isolates window.name data to the website that created it.

 

Fixed

 

  • Screen readers no longer incorrectly read content that websites have visually hidden, as in the case of articles in the Google Help panel.

 

Changed
 

  • Firefox will not prompt for access to your microphone or camera if you’ve already granted access to the same device on the same site in the same tab within the past 50 seconds. This new grace period reduces the number of times you’re prompted to grant device access.
  • The ‘Take a Screenshot’ feature was removed from the Page Actions menu in the url bar. To take a screenshot, right-click to open the context menu. You can also add a screenshots shortcut directly to your toolbar via the Customize menu. Open the Firefox menu and select Customize…
  • FTP support has been disabled, and its full removal is planned for an upcoming release. Addressing this security risk reduces the likelihood of an attack while also removing support for a non-encrypted protocol.







Saturday, April 17, 2021

Adobe Acrobat and Reader Optional Hotfix Released

Adobe released an optional hotfix for Adobe Acrobat DC and Adobe Reader DC for Windows and macOS that addresses important bug fixes.

Release date:  April 16, 2020
Vulnerability identifier: None
Platform: Windows and macOS

Bug fixes
 
Browser
  • 4327498: Unable to open FDF from web app
Security-Signatures
  • 4327765: Acrobat and Reader generates incorrect signature data for Elliptical curve signatures when Elliptical Certificate is stored in Windows Certificate store.

Update

Reader DC was updated to version 21.001.20149.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates. 


Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.



Tuesday, April 13, 2021

Microsoft April 2021 Security Updates



The Microsoft April 2021 security updates have been released and consist of 114 CVEs.  The updates apply to the long list of products, features and roles that can be found in the April Security Updates Guide.  Of these 89 CVEs, 19 are rated Critical, 89, and 1 is rated Important in severity. Six additional bugs impact Chromium-based Edge.  

 

According to Microsoft, one bug is currently being exploited while four others are publicly known at the time of release.  In addition, CVE-2021-28310 is listed as being actively exploited.

  

The  updates released today will automatically remove Edge Legacy which is out of support and replace it with the new Chromium-based Edge.  In the event you still use legacy Edge or if you have blocked the Chromium Edge update using group policies/registry hacks, those settings will be ignored and the legacy version will be removed automatically.

 

Important Note For Windows 10, Version 2004 and Windows 10, Version 20H2:


Before installing this update


Prerequisite:  Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). If you encounter the error, 0x800f0823 – CBS_E_NEW_SERVICING_STACK_REQUIRED, close the error message and install the last standalone SSU (KB4598481) before installing this LCU. You will not need to install this SSU (KB4598481) again for future updates. 

 

For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

 

For Windows 10 Version 1909, see KB5001337.

 

The KBs listed below contain information about known issues with the security updates:

KB Article   Applies To
4504715      SharePoint Server 2019 Language Pack
4504716      SharePoint Server 2019
5001330      Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2
5001332      Windows Server 2008 (Security-only update)
5001335      Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5001337      Windows 10, Version 1909, Windows Server, Version 1909
5001342      Windows 10, Version 1809, Windows Server 2019
5001347      Windows 10, Version 1607, Windows Server 2016
5001382      Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
5001383      Windows Server 2012 (Security-only update)
5001387      Windows Server 2012 (Monthly Rollup)
5001389      Windows Server 2008 (Monthly Rollup)
5001392      Windows 7, Windows Server 2008 R2 (Security-only update)
5001393      Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)
5001779      Microsoft Exchange Server 2019, 2016, 2013

 

Recommended Reading:  See Dustin Childs' review and analysis in Zero Day Initiative -- The April 2021 Security Update Review.

 

Additional Update Notes:

 






Sunday, April 04, 2021

Happy Easter! "Khrystos Voskres!"



"Khrystos Voskres!"

(Christ is Risen!)






"Voistyno Voskres!"

(He is Truly Risen!)





