Pale Moon Bugfix Update Version 29.4.5.1 Released

       

Pale Moon has been updated to version 29.4.5.1.  This is a bugfix update. 

Linux versions will follow shortly.

Changes/fixes:

• This is a bugfix update to address performance issues due to caching.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

March 2022 Windows 11 Non-Security Optional Preview "C" Release

  Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11 and other supported versions of Windows.

Following are the highlights for KB5011563 (OS Build 22000.593) for Windows 11: 

• New! Displays up to three high-priority toast notifications simultaneously. This feature is for apps that send notifications for calls, reminders, or alarms using Windows notifications in the OS. As a result, up to four toast notifications might appear simultaneously–three-high priority notifications and one normal priority notification.
• Updates an issue that might cause a Microsoft OneDrive file to lose focus after you rename it and press the Enter key. When a file loses focus, you have to select it again before you can use it.
• Returns the corresponding Settings page when you search for the word widgets. 

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

See the referenced KB article for the long list of improvements and fixes included in the update.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU.  For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Windows 11 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 98.0.2 Released

       Mozilla sent Firefox Version 98.0.2 to the release channel today.  

Fixed

• Fixed an issue preventing users from typing in Address Bar after opening new tab and pressing cmd + enter (bug 1757376)
• Fixed an issue causing some users to crash in out-of-memory conditions (bug 1757618)
• Fixed an issue in session history which caused some sites to fail to load (bug 1758664)
• Fixed an add-on specific compatibility issue (bug 1759162)
  

Security Updates
Release Notes
Rapid Release Calendar

Pale Moon Version 29.4.5 Released with Security Updates

      

Following the recall of Pale Moon version 30, Pale Moon has been updated to version 29.4.5.  This is a security update. 

Linux versions will follow shortly.

Changes/fixes:

• Fixed several application crash scenarios. DiD
• Fixed a number of thread locking/mutex issues. DiD
• Fixed a leak of content types due to inconsistent error reporting. (CVE-2022-22760)
  
• Fixed an issue with iframe sandboxing not being properly applied. (CVE-2022-22759)
• Fixed a potential leak of bookmarks from the exported bookmarks file if it included a malicious bookmarklet.
• Fixed an issue with drag-and-drop. (CVE-2022-22756)
• Fixed a potential crash due to truncated WAV files.
• Fixed a memory safety issue with XSLT. (CVE-2022-26485)

*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

March 2022 Windows 10 Non-Security Optional Preview "C" Release

      

Microsoft released KB5011543 (OS Builds 19042.1620, 19043.1620, and 19044.1620), the monthly “C” release preview cumulative update with non-security improvements and fixes for Windows 10.

The highlighted changes include the following:

• New! Introducing search highlights -- Search highlights will present notable and interesting moments of what’s special about each day—like holidays, anniversaries, and other educational moments in time both globally and in your region. To see more details at a glance, hover, click, or tap on the illustration in the search box.

• Updates an issue that prevents Android device users from signing in to some Microsoft applications, such as Microsoft Outlook or Microsoft Teams. 

• Updates an issue that causes the Back button of the credentials window, where you sign in, to become invisible in high contrast black mode. 

For information about the types of updates released by Microsoft each month see Windows 10 update servicing cadence primer.

IMPORTANT: Windows 10, version 20H2 will reach end of service on May 10, 2022 for devices running the Home, Pro, Pro Education, and Pro for Workstations editions. After May 10, 2022, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10 or Windows 11.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 30 Recalled

  

Pale Moon version 30 has been recalled due to both an incomplete release as well as damage done to the project.  

The information provided by Moonchild regarding the Current situation for Pale Moon:

"What does this mean in practice? One of three things:

• If you have been updated to Pale Moon 30.0.1 over the weekend or last Monday, and are not experiencing any difficulties in your browsing, the you should be fine to stay on that version until 30.1.0 comes out later.
• If you are on 29.4.4, then you are fine. We're working on a security update to it, and this is the current (latest) version of the browser. We are working on a security update to address a major issue that was fixed in v30.0.0, which will be released very soon.
• If you are on v30.0.0 or are having issues with v30.0.1, then you are strongly encouraged to download v29.4.4 from the website and downgrade the browser to that version. It is best in that case if you also restore a backup of your profile from v29, but should not be disastrous if you don't have such a backup handy. You will be served 29.4.5 when it is released to get security up to date on this version. In this case you may also need to re-download v29 versions of any add-ons that may have been updated to a v30 one (you can recognise these by the -fxguid suffix to the version). These can be found in the temporary location on the archive server."

Additional information regarding the situation at Pale Moon is available in Moonchild's posts at Unplanned outage and Outage post-mortem.  

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 30.0.1 Released with Critical Bugfix Update

 

Pale Moon has been updated to version 30.0.1.  This is a critical bugfix update that should address the performance and stability issues seen in Pale Moon 30.0.0.

Changes/fixes:

• Fixed an issue with browser initialization that would leave some components (like password managing) incorrectly initialized if the (obsolete) preference privacy.donottrackheader.enabled was set.
• Fixed an issue in XML transformation that could cause crashes, performance issues and general stability problems.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update:

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 30 Released with Security Updates and Return to Firefox's GUID

      

Pale Moon has been updated to version 30.0.0.  In addition to security fixes as well as extensive internal changes, of note is the following:

"Pale Moon is abandoning its own GUID (globally-unique identifier) and adopting Firefox's GUID instead to provide maximum compatibility with old and unmaintained Firefox extensions alongside those that are maintained on our add-ons site."

Most notable user-facing/implementation changes:

• Implemented Global Privacy Control, taking the place of the unenforceable "DNT" (Do Not Track) signal. If you previously enabled DNT, then this preference will be adopted for Global Privacy Control (GPC). Through GPC, you indicate to websites that you do not want them to share or sell your data.
• "Default browser" controls in preferences has been moved to "General".
• Updated emoji support to Twemoji 13.1.
• Implemented Selection.setBaseAndExtent() for web compatibility.
• Implemented queueMicroTask() for web compatibility.

Bugfixes, stability and security:

• Updated various in-tree libraries: cubeb, sqlite, cairo, ...
• Fixed an issue with the Linux desktop shortcut file to solve potential DE integration problems on common distributions.
  
• Fixed an issue with page and iframe content margins not being applied properly when passed as attributes instead of CSS.
• Ensured JavaScript and JSON files are always recognized as known MIME types so they can be opened appropriately from local sources.
• Fixed an issue with rapid loading and unloading of js modules causing browser crashes.
• Fixed an issue with tooltips being cut off at the end if containing exceedingly long unwrappable series of characters.
• Fixed several application crash scenarios. DiD
• Fixed a large number of thread locking/mutex issues. DiD
• Fixed a leak of content types due to inconsistent error reporting. (CVE-2022-22760)
  
• Fixed an issue with iframe sandboxing not being properly applied. (CVE-2022-22759)
• Fixed a potential leak of bookmarks from the exported bookmarks file if it included a malicious bookmarklet.
• Fixed an issue with drag-and-drop. (CVE-2022-22756)
• Fixed a potential crash due to truncated WAV files.
• Fixed a memory safety issue with XSLT. (CVE-2022-26485)

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 98.0.1 Released

      Mozilla sent Firefox Version 98.0.1 to the release channel today.  

Changed

• Yandex and Mail.ru have been removed as optional search providers in the drop-down search menu in Firefox.

  If you previously installed a customized version of Firefox with Yandex or Mail.ru, offered through partner distribution channels, this release removes those customizations, including add-ons and default bookmarks. Where applicable, your browser will revert back to default settings, as offered by Mozilla. All other releases of Firefox remain unaffected by the change.

Security Updates

Release Notes
Rapid Release Calendar

Microsoft March 2022 Security Updates

         

The Microsoft March 2022 security updates have been released and consist of 71 CVEs.  Of these CVEs, 3 rated Important and 68 Moderate in severity.  At the time of release, three are listed as publicly known but none are listed as under active exploit.

The updates apply to .NET and Visual Studio, Azure Site Recovery, Microsoft Defender for Endpoint, Microsoft Defender for IoT, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Intune, Microsoft Office Visio, Microsoft Office Word, Microsoft Windows ALPC, Microsoft Windows Codecs Library, Paint 3D, Role: Windows Hyper-V, Skype Extension for Chrome, Tablet Windows User Interface, Visual Studio Code, Windows Ancillary Function Driver for WinSock, Windows CD-ROM Driver, Windows Cloud Files Mini Filter Driver, Windows COM, Windows Common Log File System Driver, Windows DWM Core Library, Windows Event Tracing, Windows Fastfat Driver, Windows Fax and Scan Service, Windows HTML Platform, Windows Installer, Windows Kernel, Windows Media, Windows PDEV, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Remote Desktop, Windows Security Support Provider Interface, Windows SMB Server, Windows Update Stack, and Xbox.

See the KBs listed at the bottom of the page at March 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The March 2022 Security Update Review.

 

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro - Microsoft Lifecycle | Microsoft Docs and Windows 11 Home and Pro (Version 21H2) - Microsoft Lifecycle | Microsoft Docs.
• Windows Update History:
• Windows 11
• Windows 10
• Windows 8.1

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

 

Mozilla Firefox Version 98.0 Released with Security Updates

          Mozilla sent Firefox Version 98.0 to the release channel today.  The update includes eighteen security updates of which four (4) are rated high and three (3) are rated moderate.

Firefox ESR was updated to Version 91.7.

 

High

• #CVE-2022-26383: Browser window spoof using fullscreen mode
• #CVE-2022-26384: iframe allow-scripts sandbox bypass
• #CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures
• #CVE-2022-26381: Use-after-free in text reflows

Moderate

• #CVE-2022-26382: Autofill Text could be exfiltrated via side-channel attacks
• #CVE-2022-26385: Use-after-free in thread shutdown
• #CVE-2022-0843: Memory safety bugs fixed in Firefox 98

New 

Firefox has a new optimized download flow. Instead of prompting every time, files will download automatically. However, they can still be opened from the downloads panel with just one click.  Additional information is available at Manage Downloads preferences using the Downloads menu panel.

Fixed  

• Now, you can set a default app to open a file type. Choose the application you want to use to open files of a specific type in your Firefox settings.
• After updating to Firefox version 98, "Always ask" download actions will now be reset.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar

MSRT (Malicious Software Removal Tool) Update Released

  

The MSRT (Malicious Software Removal Tool) is released monthly.  The object of the MSRT is to remove malicious software from your computer.  Usually, it is released on "Update Tuesday" but was released a day early this month.

The MSRT can be downloaded from the following locations:

• 32-bit OS: Windows Malicious Software Removal Tool 32-bit
• 64-bit OS: Windows Malicious Software Removal Tool 64-bit

As of this posting, the standalone package for this update has not been added to the Microsoft Update Catalog website.

via ky331: Note: For those of you who are paranoid about the possibility of a False Positive, you can run the tool via a Command Prompt, and specify the /N parameter.

 

/N	Runs in detect-only mode. In this mode, malicious software will be reported to the user, but it will not be removed.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat DC and Reader DC Updates Released

      

Adobe has released updates for Adobe Acrobat DC and Reader DC for Windows and macOS. These updates address multiple critical and moderate vulnerabilities.  This is the first Adobe Acrobat and Reader in a very long time that does not include security fixes. 

 

Release date: March 7, 2022
Vulnerability identifier: None
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 22.001.20085.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

• PSIRT
• Release Notes
• Security Bulletin
• System Requirements

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla 97.0.2 Released with Security Updates

      Mozilla sent Firefox Version 97.0.2 to the release channel today to fix security vulnerabilities in Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0.

The update includes two security updates, both rated critical.

Critical

• #CVE-2022-26485: Use-after-free in XSLT parameter processing

• #CVE-2022-26486: Use-after-free in WebGPU IPC Framework

Security Updates
Release Notes
Rapid Release Calendar