Mozilla sent Firefox Version 115.0.3 to the Release Channel.
Fixed
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox". Mac users need to select "About Firefox" from the Firefox menu. For non-English versions, Fully Localized Versions are available for download.
Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 22H2 today.
Below are some of the many highlights included in the KB5028254 update. See the KB article for the long list of improvements.
Highlights:
This update makes brightness settings more accurate.
This update addresses an issue that affects certain display and audio devices. They are missing after your system resumes from sleep.
This update addresses an issue that affects Widgets. They unpin from the taskbar when you do not expect it.
This update addresses an issue that affects virtual private networks (VPN). There might be excessive Address Resolution Protocol (ARP) requests to the network gateway. This occurs when the VPN is on a wireless mesh network that uses an aggressive throttling algorithm. Because of this, network performance is poor.
Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area. To get the standalone package for this update, go to the Microsoft Update Catalog website.
For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.
Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 21H2.
Below are some of the highlights for KB5028245 (OS Build 22000.2245) for Windows 11 version 22H1. See the KB Article for the long list of improvements and fixes included in the update.
This update addresses an issue that affects virtual private networks (VPN). There might be excessive Address Resolution Protocol (ARP) requests to the network gateway. This occurs when the VPN is on a wireless mesh network. Because of this, network performance is poor.
This update addresses an issue that affects certain display and audio devices. They are missing after your system resumes from sleep.
Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area. To get the standalone package for this update, go to the Microsoft Update Catalog website.
For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.
Microsoft released KB5028244 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).
This update addresses an issue that might affect your computer when you are playing a game. Timeout Detection and Recovery (TDR) errors might occur.
This update addresses an issue that affects certain display and audio devices. They are missing after your system resumes from sleep.
This update addresses an issue that might affect some VPN clients. They might not establish a connection.
This update addresses an issue that affects the Search app. It opens in full screen, blocks additional Start menu actions, and you cannot close it.
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area. To get the standalone package for this update, go to the Microsoft Update Catalog website.
Oracle released the scheduled update for its Java SE Runtime Environment software. This is a bugfix and security update.
Java SE Runtime Environment Version 8u381: https://www.oracle.com/java/technologies/javase-jre8-downloads.html or https://java.com/en/download/manual.jsp.
Important Oracle Java License Information: The Oracle Java License changed for releases starting April 16, 2019. From the above-referenced download page:
"The Oracle Technology Network License Agreement for Oracle Java SE is substantially different from prior Oracle Java licenses. This license permits certain uses, such as personal use and development use, at no cost -- but other uses authorized under prior Oracle Java licenses may no longer be available. Please review the terms carefully before downloading and using this product. An FAQ is available here."
Java Security Recommendations
1) If Java is still installed on your computer, it is recommended that all updates be applied as soon as possible and older, less secure, versions uninstalled. See Why should I uninstall older versions of Java from my system?.
2) In the Java Control Panel, at minimum, set the security to high.
3) Keep Java disabled until needed. Uncheck the box "Enable Java content in the browser" in the Java Control Panel.
Pale Moon has been updated to version 32.3.1. This is a small but important bugfix release to address important regressions in 23.3.0.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
The Microsoft July 2023 security updates have been released and consist of 130 new patches. Of the CVEs released, 9 are rated critical, 121 are rated important in severity. At the time of release, five are listed as being under active attack and none as publicly known.
The security updates apply to the following products, features and roles: Microsoft Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure Active Directory and DevOps; Microsoft Dynamics; Printer Drivers; DNS Server; and Remote Desktop.
See the list of KBs at the bottom of the page at July 2023 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, version 22H2, see KB5028185 and KB5027223 for Windows 11, version 21H2. For Windows 10, Version 22H2, see KB5028166.
Recommended Reading: See Dustin Childs review and analysis in Zero Day Initiative -- The July 2023 Security Update Review.
Additional Update Notes:
References
Mozilla sent Firefox Version 115.0.2 to the release channel with a security update rated moderate.
Moderate: #CVE-2023-3600: Use-after-free in workers
Fixed
Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bug 1841751)
Fixed a bug with displaying a caret in the text editor on some websites (bug 1840804)
Fixed a bug with broken audio rendering on some websites (bug 1841982)
Fixed a bug with patternTransform translate using the wrong units (bug 1840746)
Reader DC and Acrobat DC were updated to version 23.003.20244 for Windows. Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.
Reader DC and other versions are available here: https://get.adobe.com/reader/
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.
Pale Moon has been updated to version 32.3.0. This is a major development further improving web compatibility and includes security fixes.
Changes/Fixes:
Notes:
DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.
Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.
Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Mozilla sent Firefox Version 115.0.1 to the Release Channel.
Fixed
Mozilla sent Firefox Version 115.0 to the release channel. The update includes four security updates of which four (4) are rated high, seven (7) moderate, and one (1) rated low.
Firefox ESR was updated to Version 102.13.
Note: This is the last major version of Firefox that will support Windows 7 and Windows 8 (Firefox Support Article) as well as Apple macOS 10.12, 10.13, and 10.14 (Firefox Support Article). Users on those operating systems will be migrated to the ESR 115 version of Firefox so that they continue to receive important updates.
High
#CVE-2023-37201: Use-after-free in WebRTC certificate generation
#CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey
#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13
#CVE-2023-37212: Memory safety bugs fixed in Firefox 115
Moderate
#CVE-2023-37203: Drag and Drop API may provide access to local system files
#CVE-2023-37204: Fullscreen notification obscured via option element
#CVE-2023-37205: URL spoofing in address bar using RTL characters
#CVE-2023-37206: Insufficient validation of symlinks in the FileSystem API
#CVE-2023-37207: Fullscreen notification obscured
#CVE-2023-37208: Lack of warning when opening Diagcab files
#CVE-2023-37209: Use-after-free in `NotifyOnHistoryReload`
Low
#CVE-2023-37210: Full-screen mode exit prevention
New
Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
References
