Mozilla Firefox Version 104.0.1 Released with Minor Update

   Mozilla sent Firefox Version 104.0.1 to the release channel today.  

Fixed

• Addresses an issue with Youtube video playback that was affecting some users.

Release Notes

Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

August 2022 Windows 11 Non-Security Optional Preview "C" Release

       Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11.

Following are the highlights for KB5016691 (OS Build 22000.918) for Windows 11: 

• Addresses an issue related to USB printing that might cause your printer to malfunction after you restart it or reinstall it.

• Addresses an issue that prevents Windows 11 SE from trusting some Microsoft Store applications. This might prevent you from downloading the untrusted app.

• Addresses an issue that might cause certain Bluetooth audio headsets to stop playing after a progress bar adjustment.

• Addresses a known issue that causes Microsoft Edge to stop responding when you use IE mode. This issue also prevents you from interacting with a dialog.

See the referenced KB article for the long list of improvements and fixes included in the update.

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest LCU.  For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows 11 life cycle and servicing update.

Windows 11 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

August 2022 Windows 10 Version 1809 Non-Security Optional Preview "C" Release

  

 
Microsoft released KB5016690 (OS Build 17763.3346, optional “C” release preview cumulative updates with non-security improvements and fixes.

The following is the highlight included in the update:

• Addresses an issue that might cause error 0x1E when you shut down or restart a device.

A long list of additional improvements and fixes is included in the referenced KB update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Prerequisite: You must install the August 10, 2021 SSU (KB5005112) before installing the LCU.

Update:  To get the update, go to Settings > Update & Security > Windows Update.  The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 104.0 Released with Security Updates

                Mozilla sent Firefox Version 104.0 to the release channel today.  The update includes six security updates of which four (4) are rated high and two (2) are rated low.

Firefox ESR was updated to Version 91.13.

High

• #CVE-2022-38472: Address bar spoofing via XSLT error handling
• #CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's permissions
• #CVE-2022-38477: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
• #CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13

Low

• #CVE-2022-38474: Recording notification not shown when microphone was recording on Android
• #CVE-2022-38475: Attacker could write a value to a zero-length array

New

• Subtitles are now available for Disney+ in Picture-in-Picture.
• Firefox now supports both the scroll-snap-stop property as well as re-snapping. You can use the scroll-snap-stop property's always and normal values to specify whether or not to pass the snap points, even when scrolling fast. Re-snapping tries to keep the last snap position after any content/layout changes.
• The Firefox profiler can analyze power usage of a website (Apple M1 and Windows 11 only).
• The Firefox UI itself will now be throttled for performance and battery usage when minimized or occluded, in the same way background tabs are.

Fixed

• Highlight color is preserved correctly after typing Enter in the mail composer of Yahoo Mail and Outlook.
• After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited.
• Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft August 2022 Security Updates

              

The Microsoft August 2022 security updates have been released and consist of 151 CVEs.  Of these CVEs, 17 are rated critical, 102 rated important, 1 rated moderate, and 1 rated low in severity.  At the time of release, two are listed as publicly known and one is listed as under active attack.

The security updates apply to the following products, features, and roles: .NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Recovery, Azure Sphere, Microsoft ATA Port Driver, Microsoft Bluetooth Driver, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Office, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Windows Support Diagnostic Tool (MSDT), Remote Access Service Point-to-Point Tunneling Protocol, Role: Windows Fax Service, Role: Windows Hyper-V, System Center Operations Manager, Visual Studio, Windows Bluetooth Service, Windows Canonical Display Driver, Windows Cloud Files Mini Filter Driver, Windows Defender Credential Guard, Windows Digital Media, Windows Error Reporting, Windows Hello, Windows Internet Information Services, Windows Kerberos, Windows Kernel, Windows Local Security Authority (LSA), Windows Network File System, Windows Partition Management Driver, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Secure Boot, Windows Secure Socket Tunneling Protocol (SSTP), Windows Storage Spaces Direct, Windows Unified Write Filter, Windows WebBrowser Control, and Windows Win32K.

See the long list of KBs at the bottom of the page at August 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. 

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The August 2022 Security Update Review.

 

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro - Microsoft Lifecycle | Microsoft Docs and Windows 11 Home and Pro (Version 21H2) - Microsoft Lifecycle | Microsoft Docs.
• Windows Update History:
• Windows 11
• Windows 10
• Windows 8.1

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

 

Adobe Acrobat DC and Reader DC Security Updates Released

      

Adobe has released updates for Adobe Acrobat DC and Reader DC for Windows and macOS. 

These updates address multiple critical, and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.  

 

Release date: August 9, 2022
Vulnerability identifier: APSB22-39
Platform: Windows and MacOS

Update or Complete Download

Reader DC and Acrobat DC were updated to version 22.001.20191 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

• PSIRT
• Release Notes
• Security Bulletin
• System Requirements

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 103.0.2 Released

  Mozilla sent Firefox Version 103.0.2 to the release channel today.  

Fixed

• Fixed menu shortcuts for users of the JAWS screen reader.
• Fixed an occasional non-overridable certificate error when accessing device configuration pages.
• Fixed an issue with Picture-in-Picture displaying in fullscreen on macOS.

Release Notes

Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Out-of-Band Update to Version 31.2.0.1

             

Pale Moon has been updated to version 31.2.0.1. 

This is a small out-of-band update to address the fact that the final builds did not include the intended NSS library update.

Linux versions will follow shortly.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 31.2.0 Released

            

Pale Moon has been updated to version 31.2.0.  This is a major bugfix and development update.

Linux versions will follow shortly.

Changes/Fixes:

• Implemented CSS white-space: break-spaces for web compatibility.
• Implemented Intl.RelativeTimeFormat for web compatibility.
• Implemented "Origin header CSRF mitigation". This is still disabled by default to investigate potential issues with CloudFlare-backed sites.
• Implemented support for async generator methods in JavaScript.
• Added preliminary support for building on Apple Silicon like M1/M2 SoC.
• Added support for building with Visual Studio 2022.
• Improved the handling of CSS "sticky" elements in tables.
• Improved stack size limits on all platforms. See implementation notes.
  
• Updated function.toString handling to align with the updated JavaScript spec. This should improve web compatibility.
• Updated Unicode support to Unicode v11, and updated the ICU library accordingly. Building without ICU is no longer supported.
  
• Updated many in-tree third-party libraries to pick up various performance and stability improvements.
  
• Updated site-specific user-agent overrides to work around issues with Google fonts, Citi bank (again!) and MeWe.
• Removed some leftover (and unused) telemetry code in the platform and front-end.
• Fixed an issue with VP9 video playback on Windows on some systems.
• Fixed an issue with the add-ons manager not properly handling empty update URLs.
  
• Fixed a major performance regression on *nix based systems due to incorrect thread handling.
• Fixed volume handling when building with the sndio audio back-end.
• Pale Moon no longer applies content security policies to documents that are explicitly loaded as data documents or to images. See implementation notes.
  
• Cleaned up some unnecessary code from the source tree for unused build back-ends, Firefox marketplace "apps", and the rather ridiculous moz://a protocol handler.
• Updated NSS to 3.52.8 to pick up several defense-in-depth security fixes.
• UXP Mozilla security patch summary: 3 DiD, 12 not applicable.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Implementation notes:

• Prior to this version, Pale Moon would apply Content Security Policies (CSPs) to all requests made to servers that would respond with a policy header, as one would expect for strict use of CSPs as-intended. Unfortunately, Chrome has been less strict in applying these policies and specifically excluded applying these policies to images and "data documents". As a result, web compatibility became a problem for non-Google browsers with webmasters being oblivious about their overzealous CSPs deployed on websites, causing images (especially SVG) and data to not load or load properly. To align with mainstream browser behavior and improve web compatibility on misconfigured websites, we are now no longer applying CSPs to images or documents explicitly loaded as arbitrary data.
• We've adjusted default per-thread stack sizes in the platform to be more generous on all platforms. This allows the browser to render more deeply nested visual elements in web pages and the new limit matches the capabilities of mainstream browsers as a result. Please note that some custom builds may need to adjust their linker's stack sizes on some operating systems to come to a stable and usable build with this change since the new Goanna rendering depth requires this larger stack size to not run out of memory. The default per-thread stack size is now 2 MB with the exception of 32-bit Windows builds where 1.5 MB is used to go easy on its limited address space. Custom Linux builds with system-default small stack sizes should adjust their build configuration accordingly.

Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 103.0.1 Released

 Mozilla sent Firefox Version 103.0.1 to the release channel today.  

New

• Enabled hardware acceleration on newer AMD cards.

Fixed

• Fixed a crash on Firefox shutdown caused by a bug in the audio manager.

Release Notes

Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...