Tuesday, August 30, 2022

Mozilla Firefox Version 104.0.1 Released with Minor Update

   FirefoxMozilla sent Firefox Version 104.0.1 to the release channel today.  

Fixed

  • Addresses an issue with Youtube video playback that was affecting some users.


Release Notes




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, August 25, 2022

August 2022 Windows 11 Non-Security Optional Preview "C" Release

       Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11.

Following are the highlights for KB5016691 (OS Build 22000.918) for Windows 11: 

  • Addresses an issue related to USB printing that might cause your printer to malfunction after you restart it or reinstall it.

  • Addresses an issue that prevents Windows 11 SE from trusting some Microsoft Store applications. This might prevent you from downloading the untrusted app.

  • Addresses an issue that might cause certain Bluetooth audio headsets to stop playing after a progress bar adjustment.

  • Addresses a known issue that causes Microsoft Edge to stop responding when you use IE mode. This issue also prevents you from interacting with a dialog.

See the referenced KB article for the long list of improvements and fixes included in the update.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU.  For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.


For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Windows 11 update history


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, August 23, 2022

August 2022 Windows 10 Version 1809 Non-Security Optional Preview "C" Release

  


 
Microsoft released KB5016690 (OS Build 17763.3346, optional “C” release preview cumulative updates with non-security improvements and fixes.

The following is the highlight included in the update:
  • Addresses an issue that might cause error 0x1E when you shut down or restart a device.

A long list of additional improvements and fixes is included in the referenced KB update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Prerequisite: You must install the August 10, 2021 SSU (KB5005112) before installing the LCU.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 104.0 Released with Security Updates

                FirefoxMozilla sent Firefox Version 104.0 to the release channel today.  The update includes six security updates of which four (4) are rated high and two (2) are rated low.

Firefox ESR was updated to Version 91.13.

High

Low

New

  • Subtitles are now available for Disney+ in Picture-in-Picture.
  • Firefox now supports both the scroll-snap-stop property as well as re-snapping. You can use the scroll-snap-stop property's always and normal values to specify whether or not to pass the snap points, even when scrolling fast. Re-snapping tries to keep the last snap position after any content/layout changes.
  • The Firefox profiler can analyze power usage of a website (Apple M1 and Windows 11 only).
  • The Firefox UI itself will now be throttled for performance and battery usage when minimized or occluded, in the same way background tabs are.

Fixed

  • Highlight color is preserved correctly after typing Enter in the mail composer of Yahoo Mail and Outlook.
  • After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited.
  • Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, August 09, 2022

Microsoft August 2022 Security Updates

              

The Microsoft August 2022 security updates have been released and consist of 151 CVEs.  Of these CVEs, 17 are rated critical, 102 rated important, 1 rated moderate, and 1 rated low in severity.  At the time of release, two are listed as publicly known and one is listed as under active attack.

The security updates apply to the following products, features, and roles: .NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Recovery, Azure Sphere, Microsoft ATA Port Driver, Microsoft Bluetooth Driver, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Office, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Windows Support Diagnostic Tool (MSDT), Remote Access Service Point-to-Point Tunneling Protocol, Role: Windows Fax Service, Role: Windows Hyper-V, System Center Operations Manager, Visual Studio, Windows Bluetooth Service, Windows Canonical Display Driver, Windows Cloud Files Mini Filter Driver, Windows Defender Credential Guard, Windows Digital Media, Windows Error Reporting, Windows Hello, Windows Internet Information Services, Windows Kerberos, Windows Kernel, Windows Local Security Authority (LSA), Windows Network File System, Windows Partition Management Driver, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Secure Boot, Windows Secure Socket Tunneling Protocol (SSTP), Windows Storage Spaces Direct, Windows Unified Write Filter, Windows WebBrowser Control, and Windows Win32K.

See the long list of KBs at the bottom of the page at August 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. 

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The August 2022 Security Update Review.

 

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...




 

Adobe Acrobat DC and Reader DC Security Updates Released

      

Adobe
Adobe has released updates for Adobe Acrobat DC and Reader DC for Windows and macOS. 

These updates address multiple critical, and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.  
 
Release date: August 9, 2022
Vulnerability identifier: APSB22-39
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 22.001.20191 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 103.0.2 Released

  FirefoxMozilla sent Firefox Version 103.0.2 to the release channel today.  

Fixed

  • Fixed menu shortcuts for users of the JAWS screen reader.
  • Fixed an occasional non-overridable certificate error when accessing device configuration pages.
  • Fixed an issue with Picture-in-Picture displaying in fullscreen on macOS.


Release Notes




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, August 03, 2022

Pale Moon Out-of-Band Update to Version 31.2.0.1

             

Pale Moon

Pale Moon has been updated to version 31.2.0.1. 

This is a small out-of-band update to address the fact that the final builds did not include the intended NSS library update.

Linux versions will follow shortly.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, August 02, 2022

Pale Moon Version 31.2.0 Released

            

Pale Moon

Pale Moon has been updated to version 31.2.0.  This is a major bugfix and development update.

Linux versions will follow shortly.

Changes/Fixes:

  • Implemented CSS white-space: break-spaces for web compatibility.
  • Implemented Intl.RelativeTimeFormat for web compatibility.
  • Implemented "Origin header CSRF mitigation". This is still disabled by default to investigate potential issues with CloudFlare-backed sites.
  • Implemented support for async generator methods in JavaScript.
  • Added preliminary support for building on Apple Silicon like M1/M2 SoC.
  • Added support for building with Visual Studio 2022.
  • Improved the handling of CSS "sticky" elements in tables.
  • Improved stack size limits on all platforms. See implementation notes.
  • Updated function.toString handling to align with the updated JavaScript spec. This should improve web compatibility.
  • Updated Unicode support to Unicode v11, and updated the ICU library accordingly. Building without ICU is no longer supported.
  • Updated many in-tree third-party libraries to pick up various performance and stability improvements.
  • Updated site-specific user-agent overrides to work around issues with Google fonts, Citi bank (again!) and MeWe.
  • Removed some leftover (and unused) telemetry code in the platform and front-end.
  • Fixed an issue with VP9 video playback on Windows on some systems.
  • Fixed an issue with the add-ons manager not properly handling empty update URLs.
  • Fixed a major performance regression on *nix based systems due to incorrect thread handling.
  • Fixed volume handling when building with the sndio audio back-end.
  • Pale Moon no longer applies content security policies to documents that are explicitly loaded as data documents or to images. See implementation notes.
  • Cleaned up some unnecessary code from the source tree for unused build back-ends, Firefox marketplace "apps", and the rather ridiculous moz://a protocol handler.
  • Updated NSS to 3.52.8 to pick up several defense-in-depth security fixes.
  • UXP Mozilla security patch summary: 3 DiD, 12 not applicable.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Implementation notes:

  • Prior to this version, Pale Moon would apply Content Security Policies (CSPs) to all requests made to servers that would respond with a policy header, as one would expect for strict use of CSPs as-intended. Unfortunately, Chrome has been less strict in applying these policies and specifically excluded applying these policies to images and "data documents". As a result, web compatibility became a problem for non-Google browsers with webmasters being oblivious about their overzealous CSPs deployed on websites, causing images (especially SVG) and data to not load or load properly. To align with mainstream browser behavior and improve web compatibility on misconfigured websites, we are now no longer applying CSPs to images or documents explicitly loaded as arbitrary data.
  • We've adjusted default per-thread stack sizes in the platform to be more generous on all platforms. This allows the browser to render more deeply nested visual elements in web pages and the new limit matches the capabilities of mainstream browsers as a result. Please note that some custom builds may need to adjust their linker's stack sizes on some operating systems to come to a stable and usable build with this change since the new Goanna rendering depth requires this larger stack size to not run out of memory. The default per-thread stack size is now 2 MB with the exception of 32-bit Windows builds where 1.5 MB is used to go easy on its limited address space. Custom Linux builds with system-default small stack sizes should adjust their build configuration accordingly.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, August 01, 2022

Mozilla Firefox Version 103.0.1 Released

 FirefoxMozilla sent Firefox Version 103.0.1 to the release channel today.  

New

  • Enabled hardware acceleration on newer AMD cards.

Fixed

  • Fixed a crash on Firefox shutdown caused by a bug in the audio manager.

Release Notes




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...