Thursday, December 05, 2024

Pale Moon Version 33.5.0 Released with Security Updates

Pale Moon has been updated to version 33.5.0. This is a development, bugfix and security release.

Note: Intel Mac builds are now "ad hoc" signed instead of unsigned, which should solve potential issues with newer macOS while still being compatible with old OS X. If you experience issues, please post in the Mac board on the forum for support.

Changes/fixes:

  • Implemented Regular Expression "match indices" (/d) feature.
  • Added a way to programmatically clear the DNS cache in the browser, and added a button to the UI for it in about:networking.
  • Updated handling of referrer policies to adhere to the updated spec.
  • CSS font variations keywords no longer throw an error. See implementation notes.
  • CSS border-radius will now also apply to element outlines.
  • Improved the display of amount of cached web content in preferences when cache is being cleared.
  • Improved the installer AVX check to skip on early versions of Windows 10 (which don't support it).
  • Updated NSS to 3.90.5 (unofficial) to pick up some security fixes.
  • Refreshed the built-in list of effective top-level domains.
  • Fixed several application crashes.
  • Reduced unnecessary debug/informative messages in release builds (WebGL and CSP).
  • Backed out building against ffmpeg 6.0 and ffvpx 6.0 for causing a video playback regression on full-range videos (levels 0-255).
  • Cleaned up a large amount of leftover Boot2Gecko code, simplifying code paths throughout the code base.
  • From this version forward we also publish language packs for Persian (Farsi), Hindi, Kannada and Vietnamese.
  • Security issues addressed: CVE-2024-11693 and CVE-2024-11704 (DiD).

Implementation notes:

  • The CSS font variations keywords (woff2-variations, truetype-variations, etc.) allow webmasters to indicate format hints for @font-face font resources so authors can provide alternative resources for browsers that don't support tech(variations). The intent of these hints is to provide an alternate font with variations in addition to regular fonts without. Unfortunately, some webmasters don't indicate a base font the variation font face would be an alternate for, which resulted in Pale Moon throwing an error on the only @font-face src entry provided, in turn having the web font not being loaded at all (because no valid entry was found), breaking website layout. From this version onwards, we parse the -variations keywords allowing variation alternative font-faces to be loaded, even if no base font was specified. To webmasters only supplying @font-face entries with variations keywords: please understand the intent of this CSS 4 spec and always provide a base font entry (graceful fallback).

*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."

Wednesday, December 04, 2024

Optional Hotfix Patch for Adobe Reader and Acrobat

 

Adobe has released an optional hotfix patch that addresses some important bug fixes.

Update or Complete Download

Reader DC and Acrobat DC were updated to version 24.005.20307.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, November 26, 2024

Mozilla Firefox Version 133.0 Released with Security Updates

Mozilla sent Firefox Version 133.0 to the release channel. Firefox ESR was updated to Version 128.5.

Note: For Firefox users on Windows 7, 8 and 8.1, Firefox Version 115 is the last supported version for those operating systems and will be moved to the latest ESR version by automatic update.  See Firefox users on Windows 7, 8 and 8.1 moving to Extended Support Release.

The update includes seventeen security updates of which two (2) are rated high, nine (9) are rated moderate, and six (6) are rated low.

High

  • CVE-2024-11691: Memory corruption in Apple GPU drivers
  • CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5

Moderate

  • CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation on Android
  • CVE-2024-11692: Select list elements could be shown over another site
  • CVE-2024-11701: Misleading Address Bar State During Navigation Interruption
  • CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing Mode on Android
  • CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows
  • CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
  • CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  • CVE-2024-11703: Password access without authentication via PIN bypass on Android
  • CVE-2024-11696: Unhandled Exception in Add-on Signature Verification

Low

  • CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation Dialog
  • CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
  • CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
  • CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey
  • CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility
  • CVE-2024-11708: Data race with PlaybackParams

New

  • Firefox now has a new anti-tracking feature, Bounce Tracking Protection, which is now available in Enhanced Tracking Protection's "Strict" mode. This feature detects bounce trackers based on their redirect behavior and periodically purges their cookies and site data to block tracking.
  • The sidebar to view tabs from other devices can now be opened via the Tab overview menu.
  • GPU-accelerated Canvas2D is now enabled by default on Windows providing a performance improvement.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


Thursday, November 21, 2024

November 2024 Windows 11 24H2 Non-Security Preview Update

Microsoft released KB5044384 (OS Build 22100.2161) for Windows 11 24H2.

Gradual rollout

These might not be available to all users because they will roll out gradually.

  • [Settings] New! Tailored Experiences is now Personalized offers in the out of box experience (OOBE). You can find it on the Recommendations and offers page. Go to Settings > Privacy & security. Here, you can turn off the setting that sends data about your device to enhance Windows.
  • [Taskbar]
    • New! The system tray shows a shortened date and time. Also, the notification bell icon might not show if you have set the toggle for “Do not disturb” to on. If the bell icon does not show, click the date and time to view your messages in the notification center. To go back to the long form of the date and time, go to Settings > Date and Time. Then turn on the toggle for “Show time and day in the system tray.” To show the bell icon, go to Settings > System > Notifications. Turn on the toggle for “Notifications.” You can also get to these settings using the context menu. Just right click the system tray clock or bell icon.
    • Fixed: When you choose "Automatically hide the taskbar," the search box shows as an icon, not as a search box.
  • [Start menu] New! When you right-click apps that you have pinned to the Start menu, jump lists will appear for apps that have jump lists.
  • [Touchscreen] New! This update adds a new section for touchscreen edge gestures. Go to Settings > Bluetooth & Devices > Touch. There, you can choose if you would like to turn off the left or right screen edge touch gesture.
  • [Input Method Editor (IME)] New! After you install this update, the IME toolbar will hide when apps are in full screen mode. This only occurs when the IME toolbar is active and you type Chinese or Japanese characters.
  • [File Explorer]
    • New! You can share content to an Android device from the context menu in File Explorer and on the desktop. To use this feature, you must install and configure Phone Link on your PC.
    • Fixed: There might be more space than you expect between the items listed in the left pane.
    • Fixed: The search box is cut off when the File Explorer window is small.
  • [Dynamic Lighting Settings page]
    • New! Its page will show a placeholder message when there is no compatible device attached to your computer. Also, the Brightness and Effects controls will be off.
    • New! This update adds the Forward, Backward, Outward, and Inward direction options to the Wave effect. The Gradient effect now has the Forward direction option.

  • [Jump lists] New! If you hold Shift and CTRL and click a jump list item, this opens the item as an admin.
  • [Speech in Windows] New! This update improves the speech-to-text and text-to-speech features in Windows. You might get a message that asks you to update your language files manually. You can get those files from Microsoft Store. This change affects those of you who use Narrator, voice access, live captions, live translations, and voice typing.
  • [Display]
    • Fixed: App windows might collect in the corner of a monitor after your device goes to sleep. This occurs when you use multiple monitors.
    • Fixed: Mica material might not display correctly. This occurs when you use a slideshow background.
    • Fixed: Some secondary displays might experience lag and screen tearing when a window is in full screen.
  • [Mouse] Fixed: When you use the "Show location of pointer when I press the CTRL key," the circles might be tiny on some displays.
  • [Clipboard] Fixed: Clipboard history (Windows logo key plus sign (+) V) might show no content. This issue occurs even though it is on, and you have copied text and images.

Normal rollout

  • [Mouse and game bar] Fixed: Your mouse might unlock from the game window. This occurs when you have multiple monitors and open and close the game bar.

See the KB article for improvements included.

Note:  Due to the holiday schedule, there will be no December 2024 non-security preview update but there will be a monthly security update for December 2024.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

References:

Windows 11 update history



November 2024 Windows 11 23H2 and 22H2 Non-Security Preview Update

Microsoft released KB5046732 (OS Builds 22621.4541 and 22631.4541) for Windows 11 23H2 and Windows 11 22H2.

Highlights

These might not be available to all users because they will roll out gradually.

  • [Settings] New! Tailored Experiences is now Personalized offers in the out of box experience (OOBE). You can find it on the Recommendations and offers page. Go to Settings > Privacy & security. Here, you can turn off the setting that sends data about your device to enhance Windows.
  • [Taskbar]
    • New! The system tray shows a shortened date and time. Also, the notification bell icon might not show if you have set the toggle for “Do not disturb” to on. If the bell icon does not show, click the date and time to view your messages in the notification center. To go back to the long form of the date and time, go to Settings > Date and Time. Then turn on the toggle for “Show time and day in the system tray.” To show the bell icon, go to Settings > System > Notifications. Turn on the toggle for “Notifications.” You can also get to these settings using the context menu. Just right click the system tray clock or bell icon.
    • Fixed: When you choose "Automatically hide the taskbar," the search box shows as an icon, not as a search box.
  • [Input Method Editor (IME)] New! After you install this update, the IME toolbar will hide when apps are in full screen mode. This only occurs when the IME toolbar is active and you type Chinese or Japanese characters.
  • [Start menu] New! When you right-click apps that you have pinned to the Start menu, jump lists will appear for apps that have jump lists.
  • [File Explorer]
    • New! You can share content to an Android device from the context menu in File Explorer and on the desktop. To use this feature, you must install and configure Phone Link on your PC.
    • Fixed: There might be more space than you expect between the items listed in the left pane.
    • Fixed: The search box is cut off when the File Explorer window is small.
  • [Touchscreen] New! This update adds a new section for touchscreen edge gestures. Go to Settings > Bluetooth & Devices > Touch. There, you can choose if you would like to turn off the left or right screen edge touch gesture.
  • [Mouse] New! This update adds the option to turn off enhanced mouse pointer precision to Settings > Bluetooth & Devices > Mouse. There is also a new option to change the direction in which the mouse scrolls.
  • [Dynamic Lighting Settings page]
    • New! Its page will show a placeholder message when there is no compatible device attached to your computer. Also, the Brightness and Effects controls will be off.
    • New! This update adds the Forward, Backward, Outward, and Inward direction options to the Wave effect. The Gradient effect now has the Forward direction option.
  • [Jump lists] New! If you hold Shift and CTRL and click a jump list item, this opens the item as an admin.

Normal rollout

  • [Bluetooth LE Audio] Fixed: Some devices, like hearing aids, do not stream Bluetooth audio.
  • [Mouse and game bar] Fixed: Your mouse might unlock from the game window. This occurs when you have multiple monitors and open and close the game bar.

Note: Due to the holiday schedule, there will be no December 2024 non-security preview update but there will be a monthly security update for December 2024.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area. To get the standalone package for this update, go to the Microsoft Update Catalog website.

References:

Windows 11 update history



November 2024 Windows 10 Non-Security Preview Update

Microsoft released KB5046714 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

Highlights

  • [App list backup] Fixed: Win32 shortcuts might not back up to the cloud.
  • [Copy cloud files] Fixed: When you drag and drop files from a cloud files provider folder, it might result in a move instead of a copy.

See the KB article for the list of quality improvements included in the update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Note: Due to the holiday schedule, there will be no December 2024 non-security preview update but there will be a monthly security update for December 2024.

Update: To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area. To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history




Friday, November 15, 2024

Optional Hotfix Patch for Adobe Reader and Acrobat

     

Adobe has released an optional hotfix patch that addresses some important bug fixes.

Update or Complete Download

Reader DC and Acrobat DC were updated to version 24.004.20772. Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


Tuesday, November 12, 2024

Microsoft November 2024 Security Updates

The Microsoft November 2024 security updates have been released and consist of 89 new patches to Microsoft products.

Of the Microsoft CVEs released, 4 are rated critical, 84 important, and 1 moderate in severity. At the time of release, Microsoft lists three of the CVEs as publicly known and two as being exploited.

The security updates apply to the following products, features and roles: Windows and Windows Components; Office and Office Components; Azure; .NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; and Windows VMSwitch.

See the list of KBs at the bottom of the page at November 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

Recommended Reading: See Dustin Childs' review and analysis in Zero Day Initiative -- The November 2024 Security Update Review.

Due to the holiday schedule, there will be no December 2024 non-security preview update but there will be a monthly security update for December 2024.


Thursday, November 07, 2024

Optional Hotfix Patch for Adobe Reader and Acrobat

     

Adobe has released an optional hotfix patch that addresses some important bug fixes.

Update or Complete Download

Reader DC and Acrobat DC were updated to version 24.004.20243. Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


Tuesday, November 05, 2024

Pale Moon Version 33.4.1 Released with Security Update

Pale Moon has been updated to version 33.4.1. This is a minor security and bug fix update.

Changes/fixes:

  • Added a processor check to the 64-bit installer for Windows to check for AVX.
    Note: this check does not work on Windows 7/8/8.1 and will allow installations on non-AVX processors there.
    Note: if you are running Windows 10 before build 2004 (before 20H1), this check may fail on AVX-capable CPUs and prevent installation.
  • Improved handling of multipart/mixed documents. (CVE-2024-10461 and CVE-2016-2816) DiD
  • Addressed CVE-2024-10463.

Notes: *DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window. Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Monday, November 04, 2024

Mozilla Firefox Version 132.0.1 Released with Updates

Mozilla sent Firefox Version 131.0.3 to the Release Channel.

Fixed

  • Fixed issues causing intermittent video playback problems on some sites. (Bug 1928484, Bug 1928798).
  • Fixed an issue causing themes to reset to default after restarting Firefox, in particular when using the Firefox Color add-on. (Bug 1928082).

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox". Mac users need to select "About Firefox" from the Firefox menu. For non-English versions, Fully Localized Versions are available for download.

Release Notes



Tuesday, October 29, 2024

Mozilla Firefox Version 132.0 Released with Security Updates

Mozilla sent Firefox Version 132.0 to the release channel.

The update includes nine security updates of which two (2) are rated high, six (6) are rated moderate, and three (3) are rated low.

High

  • CVE-2024-10458: Permission leak via embed or object elements
  • CVE-2024-10459: Use-after-free in layout with accessibility

Moderate

  • CVE-2024-10460: Confusing display of origin for external protocol handler prompt
  • CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
  • CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
  • CVE-2024-10463: Cross origin video frame leak
  • CVE-2024-10468: Race conditions in IndexedDB
  • CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4

Low

  • CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser
  • CVE-2024-10465: Clipboard "paste" button persisted across tabs
  • CVE-2024-10466: DOM push subscription message could hang Firefox

New

  • Microsoft PlayReady encrypted media playback is now being rolled out to select sites on Windows. Through this support, we are gradually rolling out a 1080p baseline and 4K Ultra HD support with key streaming partners. An added benefit is that viewers get less battery drain and better performance when streaming their favorite movies and shows.
  • A tab preview is now displayed when hovering the mouse over background tabs, making it easier to locate the desired tab without needing to switch tabs.
  • Wide Color Gamut WebGL is now available for Windows and macOS users! With this support, Firefox is bringing a richer, more vivid range of colors to the videos, games, and images on your screen. This implementation currently supports wider color (P3) profiles in 8-bit.
  • WebRender hardware accelerated rendering is now enabled for most SVG filter primitives, improving performance for certain graphics-heavy content. Accelerated filters are feBlend, feColorMatrix, feComponentTransfer, feComposite, feDropShadow, feFlood, feGaussianBlur, feMerge and feOffset.
  • Added support for macOS’ new screen and window sharing selection features on macOS 15 and later. Support for macOS 14 will be added in a future release.
  • The macOS session resume feature has been enhanced. Firefox will now automatically relaunch if it was open before a system restart, like after an OS update.
  • Firefox now blocks third-party cookie access when Enhanced Tracking Protection's Strict mode is enabled.

Fixed

  • Fixed an issue where Copy and Paste context menu items intermittently were not enabled when expected.

Changed

  • As a follow-up to our work to upgrade mixed content starting with Firefox 127, HTTP-favicons will now also be blocked if they can not be received over HTTPS instead.
  • The Copy Without Site Tracking option is now grayed out when no known tracking parameters are found within the link. Additionally, more tracking parameter support has been added for websites such as LinkedIn and Shopee. Please report tracking parameters that aren't removed by filing a bug in Bugzilla.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox." Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.
