Friday, December 24, 2021

Merry Christmas, Khristos Razhdayetsya!

Warmest wishes to family, friends, 
fellow #WindowsInsiders, and 
Security Garden subscribers for a

Merry Christmas!
Khristos Razhdayetsya!

May you enjoy the spirit of Christmas every day of the coming year.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Sunday, December 19, 2021

Mozilla Firefox Version 95.0.2 Released

         FirefoxMozilla released yet another update to Firefox, sending Firefox Version 95.0.2 to the release channel today.  


  • Addresses frequent crashes experienced by users with certain AMD CPUs running on Windows 7, 8, and 8.1

Security Updates
Release Notes
Rapid Release Calendar

Thursday, December 16, 2021

Mozilla Firefox Version 95.0.1 Released

        FirefoxMozilla sent Firefox Version 95.0.1 to the release channel today.  


  • Fixed frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various domains (bug 1745600)
  • Fix for a WebRender crash on some Linux/X11 systems (bug 1741956)
  • Fix for a frequent Windows shutdown crash (bug 1738984)
  • Fix websites contrast issues for some Linux users with Dark mode set at OS level (bug 1740518)

Security Updates
Release Notes
Rapid Release Calendar

Tuesday, December 14, 2021

Scot's Newsletter Forums Lives On!

Scot's Newsletter Forums

A little over two weeks ago, Scot Finnie (owner and founder of Scot's Newsletter Forums) posted what was to long-time members, a shocking Announcement that the time had come for him to pull away from the forums and Scot's Newsletter, reading in part:

"To be honest, in recent years -- since leaving Computerworld -- I have lost my long-held zeal for computers. I've moved on to other pursuits, and have even launched a small local business in an unrelated field.


My hope is that I can find someone or some group of people to whom I can turn over the forums, the domain, and all the keys to the castle. In other words, a new owner. As the new owner, you would have the option to use my first name in perpetuity (in any marketing materials etc.) For the first year I would be around to consult on any questions that might arise (at no cost). All that for one dollar. Such a deal.


I think that new blood, someone with new ideas who wants to try a few things, will find there's still enough of an ember on the forums to start something new. One of those ideas might be changing the name of the forums."

Fortunately, with the announcement today, We Have a New Owner! that hope has come true!   

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft December 2021 Security Updates


The Microsoft December 2021 security updates have been released and consist of 67 CVEs.  Of these CVEs, 7 are rated Critical, and 60 are rated Important severity.  At the time of release, five are listed as publicly known and one is listed as under active exploit.

The updates apply to the following long list of products:  Apps, ASP.NET Core & Visual Studio, Azure Bot Framework SDK, BizTalk ESB Toolkit, Internet Storage Name Service, Microsoft Defender for IoT, Microsoft Devices, Microsoft Edge (Chromium-based), Microsoft Local Security Authority Server (lsasrv), Microsoft Message Queuing, Microsoft Office, Microsoft Office Access, Microsoft Office Excel, Microsoft Office SharePoint, Microsoft PowerShell, Microsoft Windows Codecs Library, Office Developer Platform, Remote Desktop Client, Role: Windows Fax Service, Role: Windows Hyper-V, Visual Studio Code, Visual Studio Code - WSL Extension, Windows Common Log File System Driver, Windows Digital TV Tuner, Windows DirectX, Windows Encrypting File System (EFS), Windows Event Tracing, Windows Installer, Windows Kernel, Windows Media, Windows Mobile Device Management, Windows NTFS, Windows Print Spooler Components, Windows Remote Access Connection Manager, Windows Storage, Windows Storage Spaces Controller, Windows SymCrypt, Windows TCP/IP, and Windows Update Stack.

See the KBs listed at December 2021 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

Note:  This is the month for the quarterly MSRT run.  Although included with Windows updates, it can be downloaded separately:  

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The December 2021 Security Update Review.


Additional Update Notes:



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Pale Moon Version 29.4.3 Released with Security Updates


Pale Moon

Pale Moon has been updated to version 29.4.3.  This is a security update.  This update reinstates FUEL again for old extension compatibility. See implementation notes.

Linux versions will follow shortly.


  • Restored the FUEL abstraction library again.
  • Added some extra sanity checks to timers and text fragments. DiD
  • Added a potential crash safeguard in program threading logic. DiD
  • Fixed the following security issues: CVE-2021-43537, CVE-2021-43541, CVE-2021-43536, CVE-2021-43545 and CVE-2021-43542.
  • Unified XUL Platform Mozilla Security Patch Summary: 5 fixed, 3 DiD, 10 not applicable.

Implementation notes:

  • Despite being removed in 29.4.0 and 29.4.2, the long-since deprecated FUEL abstraction functions inside Pale Moon have been restored again after considerable blowback from the community and lack of effort to fix afflicted extensions. It was decided to just restore this indefinitely in the end, since it serves no-one to have users be forced to do without or stay on insecure versions of the browser for something nobody seems to want to address in the extension ecosystem. Keep an eye on the forum for a more in-depth announcement soon (will be linked here when available).

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.


To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, December 07, 2021

Mozilla Firefox Version 95 Released with Security Updates

       FirefoxMozilla sent Firefox Version 95.0 to the release channel today.  The update includes thirteen security updates of which six (6) are rated high, five (5) are rated moderate, and two (2) are rated low.

Firefox ESR was updated to Version 91.4.





  • RLBox — a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries — is now enabled on all platforms.
  • Good news! You can now download Firefox from the Microsoft Store on Windows 10 and Windows 11 platforms.
  • We’ve reduced CPU usage on macOS in Firefox and WindowServer during event processing.
  • We’ve also reduced the power usage of software decoded video on macOS, especially in fullscreen. This includes streaming sites such as Netflix and Amazon Prime Video.
  • You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side.
  • To better protect Firefox users against side-channel attacks such as Spectre, Site Isolation is now enabled for all Firefox 95 users.


  • After starting Firefox, users of the JAWS screen reader and ZoomText magnifier will no longer need to switch applications in order to access Firefox.
  • You’ll find the state of controls using the ARIA switch role is now correctly reported by Mac OS VoiceOver.
  • You’ll see a faster content process startup on macOS.
  • We’ve also made memory allocator improvements.
  • And we’ve improved page load performance by speculatively compiling JavaScript ahead of time. 


  • We’ve added a User Agent override for, which allows Firefox users to use more Call features and have access to Huddles.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.