Mozilla Firefox Version 117.0 Released with Security Updates

 Mozilla sent Firefox Version 117.0 to the release channel.  The update includes fourteen security updates of which eight (8) are rated high, four (4) moderate, and two (2) rated low.

Firefox ESR was updated to Versions 102.14 and 115.2.

High

#CVE-2023-4573: Memory corruption in IPC CanvasTranslator

#CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback

#CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback

#CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback

#CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation

#CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics

#CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2

#CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

Moderate

#CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception

#CVE-2023-4579: Persisted search terms were formatted as URLs

#CVE-2023-4580: Push notifications saved to disk unencrypted

#CVE-2023-4581: XLL file extensions were downloadable without warnings

Low

#CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv

#CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window

New

• Support for credit card autofill has been extended to users running Firefox in the IT, ES ,AT, BE, and PL locales.

• macOS users can now control the tabability of controls and links via about:preferences.
  

• To avoid undesirable outcomes on sites which specify their own behavior when pressing shift+right-click, Firefox now has a dom.event.contextmenu.shift_suppresses_event preference to prevent the context menu from appearing.

Fixed

• YouTube video lists now scroll correctly when navigating with a screen reader.

Changed

• Firefox no longer shows its own screen sharing indicator on Wayland desktop environments. The system default sharing indicator will be used instead.

Web Platform

• Support for improved CSS nesting is now enabled by default.

• Firefox now supports RTCRtpScriptTransform.

• ReadableStream.from is now supported, allowing creation of a ReadableStream from an (async) iterable.

• Firefox now supports the math-style and math-depth CSS properties and the font-size: math value.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Optional Hotfix Patch for Adobe Reader and Acrobat

 

Adobe has released an optional hotfix patch for Acrobat and Acrobat Reader that addresses some important bug fixes for Adobe Acrobat DC and Reader. 

Update or Complete Download

Reader DC and Acrobat DC were updated to version 23.003.20284 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

• Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

August 2023 Windows 10 Non-Security Optional Preview "C" Release

 Microsoft released KB5029331 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

The following are the highlighted changes included in the update:

• This update addresses an issue that might affect your computer when you are playing a game. Timeout Detection and Recovery (TDR) errors might occur.

• This update addresses an issue that affects certain display and audio devices. They are missing after your system resumes from sleep.  

• This update addresses an issue that might affect some VPN clients. They might not establish a connection.

• This update addresses an issue that affects the Search app. It opens in full screen, blocks additional Start menu actions, and you cannot close it.

See the referenced KB Article for quality improvements included in the update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

August 2023 Windows 11 Version 21H2 Non-Security Optional Preview "C" Release

 Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 22H1 today.

Below are the highlights for KB5029332 (OS Build 22000.2360) for Windows 11 version 22H1.  See the KB Article for the list of improvements and fixes included in the update.

Highlights:

• New! This update improves how Windows detects your location. This helps to give you better weather, news, and traffic information.

• This update supports daylight saving time (DST) changes in Israel.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.

Windows 11 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

August 2023 Windows 11 Version 22H2 Non-Security Optional Preview "C" Release

 Microsoft released the monthly “C” release preview cumulative updates with non-security improvements and fixes for Windows 11, Version 22H2 today.

Below are some of the many highlights included in the KB5029351 update.  See the KB article for the long list of quality improvements.

Highlights:

• New! This update adds a new hover behavior to the search box gleam. When you hover over it, the search flyout box might appear. You can adjust this behavior by right-clicking the taskbar. Then choose Taskbar settings to change your search box experience.

• This update supports daylight saving time (DST) changes in Israel.

• This update addresses an issue that affects the search icon. When you select it, the Search app does not open. This occurs after a machine has been asleep.

• This update improves the reliability of the Search app.

• This update addresses an issue that affects the TAB key. Using it to browse search results requires additional actions.

• This update addresses an issue that affects Narrator. It does not correctly identify the search box on the taskbar and search highlights within the search box.

• This update addresses an issue that affects the search box size. Its size is reduced in tablet posture mode on Microsoft Surface Pro and Surface Book devices.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

For information about the types of updates released by Microsoft each month, see Windows monthly updates explained.

Windows 11 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 116.0.3 Released

  

Mozilla sent Firefox Version 116.0.3 to the Release Channel.

Fixed

• Fixed an issue for OPFS users (especially those using the Adobe Photoshop) that broke access to files that were locally cached in a previous version. (bug 1847989, bug 1847619)

• Fixed an issue that was breaking screensharing for some users on Wayland. (bug 1841851)

• Fixed an issue where a fullscreen notification was persistently being shown to a user, even after disabling it. (bug 1847901)

• Fixed an issue where Firefox would hang when doing a Google search. (bug 1847066)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft August 2023 Security Updates

 

The Microsoft August 2023 security updates have been released and consist of 72 new patches and 2 advisories. Of the CVEs released, 6 are rated critical, 67 are rated important in severity. At the time of release, none are listed as being under active attack or as publicly known.

The security updates apply to the following products, features and roles: Microsoft Windows and Windows Components; Edge (Chromium-Based); Exchange Server; Office and Office Components; .NET and Visual Studio; ASP.NET; Azure DevOps and HDInsights; Teams; and Windows Defender.

See the list of KBs at the bottom of the page at August 2023 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, version 22H2, see KB5029263 and KB5029253 for Windows 11, version 21H2.  For Windows 10, Version 22H2, see KB5029244.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The August 2023 Security Update Review.

 

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro - Microsoft Lifecycle | Microsoft Docs and Windows 11 Home and Pro (Version 21H2) - Microsoft Lifecycle | Microsoft Docs.
• Windows Update History:
• Windows 11
• Windows 10

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Update Released with Security Updates

 

Adobe has released an update with new features, bug fixes and security updates for Acrobat and Acrobat Reader. 

The security updates are described as addressing critical, important, and moderate vulnerabilities.  Successful exploitation could lead to application denial-of-service, security feature bypass, memory leak, and arbitrary code execution.

Update or Complete Download

Adobe Acrobat and Reader were updated to version 23.003.20269 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 116.0.2 Released

 

Mozilla sent Firefox Version 116.0.2 to the Release Channel.

Fixed

• • Fixes an issue that was causing keystrokes to be scrambled for users using ZoneAlarm anti-keylogger. (bug 1847033).

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 116.0.1 Released

 

Mozilla sent Firefox Version 116.0.1 to the Release Channel.

Fixed

• • Fixed an issue which caused chart elements to render incorrectly for Windows users. (bug 1846613).

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 116.0 Released with Security Update

 Mozilla sent Firefox Version 116.0 to the release channel.  The update includes four security updates of which nine (9) are rated high, three (3) moderate, and one (1) rated low.

Firefox ESR was updated to Versions 102.14 and 115.1.

High

#MFSA-RESERVE-2023-0001: Offscreen Canvas could have bypassed cross-origin restrictions

#MFSA-RESERVE-2023-0002: Incorrect value used during WASM compilation

#MFSA-RESERVE-2023-0003: Potential permissions request bypass via clickjacking

#MFSA-RESERVE-2023-0004: Crash in DOMParser due to out-of-memory conditions

#MFSA-RESERVE-2023-0005: Fix potential race conditions when releasing platform objects

#MFSA-RESERVE-2023-0006: Stack buffer overflow in StorageManager

#MFSA-RESERVE-2023-0012: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14

#MFSA-RESERVE-2023-0013: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1

#MFSA-RESERVE-2023-0014: Memory safety bugs fixed in Firefox 116

Moderate

#MFSA-RESERVE-2023-0007: Full screen notification obscured by file open dialog

#MFSA-RESERVE-2023-0008: File deletion and privilege escalation through Firefox uninstaller

#MFSA-RESERVE-2023-0009: Full screen notification obscured by external program

Low

#MFSA-RESERVE-2023-0011: Cookie jar overflow caused unexpected cookie jar state

New

• Sidebar switcher allows users to access Bookmarks, History and Synced Tabs panels easily, quickly switch between them, move the sidebar to another side of the browser window, or close the sidebar. Now, keyboard users would be able to do it all with ease too, with or without any assistive technology running, without needing to memorize keyboard shortcuts to access these panels.

• When an update is available in English locales, users will now have access to the release notes in the update notification prompt in the form of a "Learn More" link.

• It is now possible to copy any file from your operating system and paste it into Firefox.

• You asked, and we listened! The volume slider is now available in Picture-in-Picture.

• We added the possibility to edit existing text annotations.

Fixed

• The upload performance of HTTP/2 has been significantly improved starting with Firefox 115.0, particularly on those with a higher bandwidth delay product (i.e., networks characterized by both high bandwidth and high latency).

Changed

• The keyboard shortcut to reopen closed tabs (command + shift + t) now reopens last closed tab or last closed window, in the order items were closed. If there aren't any tabs or windows to reopen, this command restores the previous session. This change is in anticipation of upcoming changes to recently closed tabs.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...