Mozilla Firefox Version 91.0.2 Released

  Mozilla sent Firefox Version 91.0.2 to the release channel.

Fixed

• High Contrast Mode is no longer enabled by default when "Increase Contrast" is checked in macOS settings (bug 1726606)
• Firefox no longer clears authentication data when purging trackers, to avoid repeatedly prompting for a password (bug 1721084)

Update 

To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar
  
  

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 29.4.0.2 Released

   

Pale Moon has been updated to version 29.4.0.2.  

This is a small update to address sound issues on some systems with version 29.4.0.  

From the Release Notes:

"This is an out-of-band update to address the issue that in rare occasions on both Linux and Windows, audio would stop working (e.g. for playing videos or MP3s). We're still investigating the root cause of this issue on Windows (Linux cause was already found) but have temporarily reverted to our previous audio library (libcubeb) version for this release to provide a proper media experience for our users in the interim."

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Out-of-Band Update to Address Issue with the FUEL Component

  

Pale Moon has been updated to version 29.4.1.  

This is an out-of-band update to address an issue with the FUEL component.  As described in the Release Notes:

"In 29.4.0, the optional FUEL component (long since deprecated precursor to the Mozilla Add-On SDK) was removed from Pale Moon. This had unexpected impact on a number of popular extensions as well as a few bits of core functionality that went unnoticed in our pre-release testing and unstable channel.

As part of our commitment to resolving issues and giving extension developers some more time to address any problems with this removal of the component from the browser, this update temporarily restores the FUEL component.

If you are an extension developer relying on FUEL components or namespaces (e.g. implicit 'Application'), please update your extension before the next major release."

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 29.4.0 Released With Security Updates

 

Pale Moon has been updated to version 29.4.0.  This is a development, bugfix and security release.  The release schedule was adjusted to provide web compatibility improvements and not just a security update this month.

Changes/fixes:

• Implemented promise.allSettled().
• Implemented global origin on windows and workers.
• Improved performance of memory allocations.
• Updated libcubeb to the current development version.
  This improves OSS compatibility and addresses potential crashes, performance issues and security issues.
• Updated SQLite to 3.36.0.
• Improved thread safety of the web content cache. DiD
• Added several fixes to avoid potential crashes and security issues. DiD
• Unified XUL Platform Mozilla Security Patch Summary: 5 DiD, 12 not applicable.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 91.0.1 Released With Security Update

 Mozilla sent Firefox Version 91.0.1 to the release channel with one security update rated high in severity.

High#

• CVE-2021-29991: Header Splitting possible with HTTP/3 Responses

Fixed

• Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404)
• Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to-tab results in the address bar panel (bug 1720369)
  

Update 

To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar
  
  

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft August Security Updates

  

The Microsoft August 2021 security updates have been released and consist of 44 CVEs.  Of these CVEs, 7 are rated Critical and 37 are rated Important in severity.  

According to Microsoft, two of these bugs are publicly known and one is under active attack at the time of release.

The updates apply to the following products:  .NET Core & Visual Studio, ASP .NET, Azure, Azure Sphere, Microsoft Azure Active Directory Connect, Microsoft Dynamics, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Word, Microsoft Scripting Engine, Microsoft Windows Codecs Library, Remote Desktop Client, Windows Bluetooth Service, Windows Cryptographic Services, Windows Defender, Windows Event Tracing, Windows Media, Windows MSHTML Platform, Windows NTLM, Windows Print Spooler Components, Windows Services for NFS ONCRPC XDR Driver, Windows Storage Spaces Controller, Windows TCP/IP, Windows Update, Windows Update Assistant, and Windows User Profile Service.

See the KBs listed at August 2021 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The August 2021 Security Update Review.

 

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are also available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Windows Update History:
• Windows 10
• Windows 8.1

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

 

Mozilla Firefox Version 91.0 Released With Security Updates

   Mozilla sent Firefox Version 91.0 to the release channel today.  The update includes eleven security updates of which eight (8) are rated high, two (2) moderate, and one (1) rated low.

Firefox ESR was updated to Version 78.13.

High

• CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption 

• CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT

• CVE-2021-29988: Memory corruption as a result of incorrect style treatment 

• CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode

• CVE-2021-29984: Incorrect instruction reordering during JIT optimization 

• CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption 

• CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 

• CVE-2021-29990: Memory safety bugs fixed in Firefox 91

Moderate

• CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux
• CVE-2021-29985: Use-after-free media channels

Low

• CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion

New

• Building on Total Cookie Protection, we've added a more comprehensive logic for clearing cookies that prevents hidden data leaks and makes it easy for users to understand which websites are storing local information. Learn more
• Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn moreThe simplify page when printing feature is back! When printing, under More settings > Format select the Simplified option when available to get a clutter-free page. Learn more
• HTTPS-First Policy: Firefox Private Browsing windows now attempt to make all connections to websites secure, and fall back to insecure connections only when websites do not support it. Learn more
• We've added a new locale: Scots (sco)
• The address bar now provides Switch to Tab results also in Private Browsing windows.
• Firefox now automatically enables High Contrast Mode when "Increase Contrast" is checked on MacOS
• Firefox now does catch-up paints for almost all user interactions, enabling a 10-20% improvement in response time to most user interactions.

Update 

To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar