Thursday, July 27, 2023

Mozilla Firefox Version 115.0.3 Released

 

Mozilla sent Firefox Version 115.0.3 to the Release Channel.

Fixed

    • Improved migration experience for users switching to the ESR release. (bug 1845338).

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, July 26, 2023

July 2023 Windows 11 Version 22H2 Non-Security Optional Preview "C" Release

 Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 22H2 today.

Below are some of the many highlights included in the KB5028254 update.  See the KB article for the long list of improvements.

Highlights:

  • This update makes brightness settings more accurate.

  • This update addresses an issue that affects certain display and audio devices. They are missing after your system resumes from sleep.

  • This update addresses an issue that affects Widgets. They unpin from the taskbar when you do not expect it.

  • This update addresses an issue that affects virtual private networks (VPN). There might be excessive Address Resolution Protocol (ARP) requests to the network gateway. This occurs when the VPN is on a wireless mesh network that uses an aggressive throttling algorithm. Because of this, network performance is poor.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, July 25, 2023

July 2023 Windows 11 Version 21H2 Non-Security Optional Preview "C" Release

 Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 21H2. 

Below are some of the highlights for KB5028245 (OS Build 22000.2245) for Windows 11 version 22H1.  See the KB Article for the long list of improvements and fixes included in the update.

  • This update addresses an issue that affects virtual private networks (VPN). There might be excessive Address Resolution Protocol (ARP) requests to the network gateway. This occurs when the VPN is on a wireless mesh network. Because of this, network performance is poor.

  • This update addresses an issue that affects certain display and audio devices. They are missing after your system resumes from sleep.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

July 2023 Windows 10 Non-Security Optional Preview "C" Release

 Microsoft released KB5028244 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

The following are the highlighted changes included in the update:
  • This update addresses an issue that might affect your computer when you are playing a game. Timeout Detection and Recovery (TDR) errors might occur.

  • This update addresses an issue that affects certain display and audio devices. They are missing after your system resumes from sleep.  

  • This update addresses an issue that might affect some VPN clients. They might not establish a connection.

  • This update addresses an issue that affects the Search app. It opens in full screen, blocks additional Start menu actions, and you cannot close it.

See the referenced KB Article for quality improvements included in the update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, July 19, 2023

Oracle Java SE Security Update Released

 

java



Oracle released the scheduled update for its Java SE Runtime Environment software.  
This is a bugfix and security update.

Download Information

Java SE Runtime Environment Version 8u381:  https://www.oracle.com/java/technologies/javase-jre8-downloads.html or https://java.com/en/download/manual.jsp

Important Oracle Java License Information: The Oracle Java License changed for releases starting April 16, 2019.  From the above-referenced download page:

"The Oracle Technology Network License Agreement for Oracle Java SE is substantially different from prior Oracle Java licenses. This license permits certain uses, such as personal use and development use, at no cost -- but other uses authorized under prior Oracle Java licenses may no longer be available. Please review the terms carefully before downloading and using this product. An FAQ is available here."

Java Security Recommendations

1) If Java is still installed on your computer, it is recommended that all updates be applied as soon as possible and older, less secure, versions uninstalled.  See Why should I uninstall older versions of Java from my system?.
2) 
In the Java Control Panel, at minimum, set the security to high.
3) Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

Notes:

  • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
  • Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
  • Verify your version:  http://www.java.com/en/download/testjava.jsp  Note: The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version
  • Important: The Edge browser does not support plug-ins.  In the event you still have a need for Java, it will be necessary to use Firefox.

Patch Schedule

For Oracle Java SE, the next scheduled update is October 17, 2023.  The planned release schedule is available here.

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and publicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:
  1. Launch the Windows Start menu
  2. Click on Programs
  3. Find the Java program listing
  4. Click Configure Java to launch the Java Control Panel
  5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
  6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.
Java suppress sponsor offers

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, July 18, 2023

Pale Moon Version 32.3.1 Released

 Pale Moon

Pale Moon has been updated to version 32.3.1.  This is a small but important bugfix release to address important regressions in 23.3.0.


Changes/fixes:
  • Fixed intermittent crashes related to the performance API.
  • Fixed intermittent issues with JavaScript malfunctioning in chrome scripts (causing faults in the UI and extensions).

Update:  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes 
Release Cycle

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, July 11, 2023

Microsoft July 2023 Security Updates

 

The Microsoft July 2023 security updates have been released and consist of 130 new patches. Of the CVEs released, 9 are rated critical, 121 are rated important in severity. At the time of release, five are listed as being under active attack and none as publicly known.

The security updates apply to the following products, features and roles: Microsoft Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure Active Directory and DevOps; Microsoft Dynamics; Printer Drivers; DNS Server; and Remote Desktop.

See the list of KBs at the bottom of the page at July 2023 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, version 22H2, see KB5028185 and KB5027223 for Windows 11, version 21H2.  For Windows 10, Version 22H2, see KB5028166.


Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The July 2023 Security Update Review.

 

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 115.0.2 Released with Security Update

 FirefoxMozilla sent Firefox Version 115.0.2 to the release channel with a security update rated moderate.


Moderate:  #CVE-2023-3600: Use-after-free in workers


Fixed

  • Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bug 1841751)

  • Fixed a bug with displaying a caret in the text editor on some websites (bug 1840804)

  • Fixed a bug with broken audio rendering on some websites (bug 1841982)

  • Fixed a bug with patternTransform translate using the wrong units (bug 1840746)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Optional Hotfix Patch for Adobe Reader and Acrobat

 

Adobe
Adobe has released an optional hotfix patch for Acrobat and Acrobat Reader that addresses some important bug fixes for Adobe Acrobat DC and Reader. 

Update or Complete Download

Reader DC and Acrobat DC were updated to version 23.003.20244 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 32.3.0 Released with Security Fixes

 Pale Moon

Pale Moon has been updated to version 32.3.0.  This is a major development further improving web compatibility and includes security fixes.

Changes/Fixes:

  • Added the (hidden) preference browser.history.menuMaxResults to allow users to control how many history entries are listed in the menu. Setting this to 0 will hide history menu entries altogether, and any positive number configures how many entries the entries are limited to. The default if not defined is 15.
  • Switched C++ language level used to C++14 on all platforms.
  • Web compatibility and scripting improvements:
    • Implemented geometry .from* static constructors for web compatibility.
    • Implemented partial support for CSS calc() in color keywords.
    • Implemented Array "find from last" feature (findLast and findLastIndex).
    • Implemented Object.hasOwn(object,property).
    • Implemented several additional Intl API methods and functions. This improves web compatibility with sites making use of things like hourCycle, advanced DateTimeFormat, Intl.Locale, and Intl as a constructor.
  • Cleaned up some unused code.
  • Removed support for Mozilla "experiment" type extensions.
  • Improved the JavaScript garbage collector's sweeping. This should fix a few intermittent crashes and improve performance.
  • Implemented some structural changes to the source to make future porting easier, and preparing for switching to C++17.
  • Removed handling of symlinks for directory linstings to prevent potential security issues by walking symlinks when uploading. This effectively reverts a change made in Firefox 50 where this functionality was introduced. A case of "Not such a good idea after all" ;-)
  • Updated the list of extensions on Windows treated as "executable".
  • Security issues addressed: CVE-2023-37208.
  • Made preparations for for requiring Authorization in CORS ACAH preflight.
    Since no browser honors this part of the spec at the moment this is left disabled until there is consensus among browsers.
  • UXP Mozilla security patch summary: 2 fixed, 2 rejected, 20 not applicable.

Notes:

DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.


Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates


Release Notes
Release Cycle

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, July 08, 2023

Mozilla Firefox Verson 115.0.1 Released

 

Mozilla sent Firefox Version 115.0.1 to the Release Channel.

Fixed

    • Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bug 1837242)

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, July 04, 2023

Mozilla Firefox Version 115.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 115.0 to the release channel.  The update includes four security updates of which four (4) are rated high, seven (7) moderate, and one (1) rated low.

Firefox ESR was updated to Version 102.13.

Note: This is the last major version of Firefox that will support Windows 7 and Windows 8 (Firefox Support Article) as well as Apple macOS 10.12, 10.13, and 10.14 (Firefox Support Article). Users on those operating systems will be migrated to the ESR 115 version of Firefox so that they continue to receive important updates. 

High

#CVE-2023-37201: Use-after-free in WebRTC certificate generation

#CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey

#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

#CVE-2023-37212: Memory safety bugs fixed in Firefox 115


Moderate

#CVE-2023-37203: Drag and Drop API may provide access to local system files

#CVE-2023-37204: Fullscreen notification obscured via option element

#CVE-2023-37205: URL spoofing in address bar using RTL characters

#CVE-2023-37206: Insufficient validation of symlinks in the FileSystem API

#CVE-2023-37207: Fullscreen notification obscured

#CVE-2023-37208: Lack of warning when opening Diagcab files

#CVE-2023-37209: Use-after-free in `NotifyOnHistoryReload`


Low
#CVE-2023-37210: Full-screen mode exit prevention

New

  • Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox.

  • Hardware video decoding is now enabled for Intel GPUs on Linux.

  • The Tab Manager dropdown now features close buttons, so you can close tabs more quickly.

  • We've refreshed and streamlined the user interface for importing data in from other browsers.

  • Users without platform support for H264 video decoding can now fallback to Cisco's OpenH264 plugin for playback.

Fixed

  • Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible.

  • Windows users on low-end/USB wifi drivers and with OS geolocation disabled can now approve geolocation on a case by case basis without causing system-wide network instability.

Changed

  • Undo and redo are now available in Password fields.

  • On Linux, middle clicks on the new tab button will now open the xclipboard contents in the new tab. If the xclipboard content is a URL then that URL is opened, any other text is opened with your default search provider.

  • For users with a Firefox Colorways built-in theme, the theme will be automatically migrated to the same theme hosted on addons.mozilla.org for Firefox profiles that have disabled add-ons auto-updates. This will allow users to keep their Colorways theme when they are later removed from Firefox installer files.

  • Certain Firefox users may come across a message in the extensions panel indicating that their add-ons are not allowed on the site currently open. We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns.


Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...