Mozilla Firefox Version 125.0.3 Released with Updates

 Mozilla sent Firefox Version 125.0.3 to the Release Channel.

Fixed

• Fixed an extra blank tab with an address of https://0.0.0.1 sometimes appearing when attempting to launch Firefox when it is already running (bug 1892612).
  
• Fixed an issue that could cause incorrect font selection in some situations for users with the Japanese locale set (bug 1892363).
  
• Fixed text corruption when dragging text containing unicode characters on Linux systems (bug 1888202).
  
• Fixed a correctness error when checking arguments.length (and not using arguments otherwise) inside of a generator or async function (bug 1892699).
  
• Fixed an issue that could lead to inconsistent focus handling of <select> elements when opened (bug 1893177).
  

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

April 2024 Windows 11 Non-Security Preview Update

 Microsoft released KB5036980 (OS Builds 22621.3527 and 22631.3527 today for Windows 11 23H3 and Windows 11 22H2. 

IMPORTANT:  The date for optional, non-security preview releases for Home and Pro versions of Windows 11, version 22H2 has been extended from February 27, 2024 to June 26, 2024. 

Highlights included in the update:

• New! The Recommended section of the Start menu will show some Microsoft Store apps. These apps come from a small set of curated developers. This will help you to discover some of the great apps that are available. If you want to turn this off, go to Settings > Personalization > Start. Turn off the toggle for Show recommendations for tips, app promotions, and more.

• New! In the coming weeks, your most frequently used apps might appear in the Recommended section of the Start menu. This applies to apps that you have not already pinned to the Start menu or the taskbar.

• New! This update improves the Widgets icons on the taskbar. They are no longer pixelated or fuzzy. This update also starts the rollout of a larger set of animated icons.

• New! This update affects Widgets on the lock screen. They are more reliable and have improved quality. This update also supports more visuals and a more customized experience for you.

• This update affects the touch keyboard. It makes the Japanese 106 keyboard layout appear as expected when you sign in.

• This update addresses an issue that affects Settings. It stops responding when you dismiss a flyout menu.

See the KB article for a separate list of quality improvements included in the update for Windows 11 23H3 and Windows 11 22H2. 

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

References:

Windows 11 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

April 2024 Windows 10 Non-Security Preview Update

 Microsoft released KB5036979 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

Highlights included in the update:

• New! This update starts the rolls out of account-related notifications for Microsoft accounts in Settings > Home. A Microsoft account connects Windows to your Microsoft apps. The account also backs up all your data and helps you to manage your subscriptions. You can also add extra security steps to keep you from being locked out of your account. This feature displays notifications across the Start menu and Settings. You can manage your Settings notifications in Settings > Privacy & security > General.

• New!  This update affects Widgets on the lock screen. They are more reliable and have improved quality. This update also supports more visuals and a more customized experience for you.

• This update addresses an issue that affects some wireless earbuds. Bluetooth connections are not stable. This occurs on devices that have firmware from April 2023 and later.

• This update makes some changes to Windows Search. It is now more reliable, and it is easier to find an app after you install it. This update also gives you a personalized app search experience.

See the KB article for the list of quality improvements included in the update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 33.1.0 Released with Security Updates

   Pale Moon has been updated to version 33.1.0.  This update is a development, stability, and security release.

New features:

• Implemented support for single-use <link rel=preload> meta tag. This implementation allows use of it without specifying a second <link rel={type}> meta tag to actually load the linked document which was originally intended for this tag (to hint to a browser it should pre-load the document for fast painting).
• Implemented CSP v3 keywords script-src-elem, script-src-attr, style-src-elem and style-src-attr.
• Enabled the use of html5's <dialog> by default. While this is not yet a complete implementation, use of it in the wild dictated we enable this early. The implementation should functionally suffice for usage seen so far.
• Added support for Emoji 15.1.
• Implemented webkit URL legacy window alias for URL for web compatibility.
• Implemented CSS shorthands margin-block, margin-inline, padding-block and padding-inline.
• Added support for querying CPU capabilities (SSE2/AVX/AVX2) to the Navigator interface. For privacy reasons this is not exposed to the web, but can be used by extensions.

Changes/fixes:

• Fixed broken mousewheel scrolling if building with --disable-npapi.
• Fixed a minor issue with XUL tree display in some circumstances.
• Dev: Aligned canvas Path2D.addPath with the updated spec. It now supports DOMMatrix as opposed to SVGMatrix.
  
• Removed Stylo (Gecko Rust style system) leftovers from the source tree.
• Fixed a few potential emoji display issues.
• Fixed some issues with workers.
• Fixed an issue with ctrl+c copying in devtools.
• Fixed crashes when run under WINE because of its lack of support for IDXGIKeyedMutex.
• Fixed a crash when dealing with a specific (unmaintained) extension.
• Added .xrm-ms files to the executable warning list on Windows.
• Added sanity checks on http/2 header sizes.
• Fixed a potential issue in the JavaScript JIT compiler.
• Pulled a few fixes from upstream for the OpenType Sanitizer.
• Added a fix to avoid a potential issue when assigning a media data buffer.
• Security issues addressed: CVE-2024-3863, CVE-2024-3302, CVE-2024-3857 DiD, CVE-2024-3859 and CVE-2024-3861 DiD.

Notes:

DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 125.0.2 Released

   Mozilla sent Firefox Version 125.0.2 to the Release Channel.

Fixed

• Reverted the changes recently shipped in Firefox 125 that more proactively blocked downloads from potentially untrustworthy URLs. The changes caused unexpected problems with downloading files in some situations. We plan to fix and re-enable these protections in a future release. (Bug 1892069)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Oracle Java Critical Security Update Released

 

Oracle released the scheduled update for its Java SE Runtime Environment software.  This is a bugfix and critical security update.  

This Critical Patch Update contains thirteen new security patches, plus additional third-party patches noted in the security risk matrix linked below for Oracle Java SE.  Ten of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.  

Download Information:  

Java SE Runtime Environment Version 8u411: https://java.com/en/download/manual.jsp. 

Java Security Recommendations

1) If Java is still installed on your computer, it is recommended that all updates be applied as soon as possible and older, less secure, versions uninstalled.  See Why should I uninstall older versions of Java from my system?.
2) In the Java Control Panel, at minimum, set the security to high.
3) Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

Notes:

• UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
• Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
• Verify your version:  http://www.java.com/en/download/testjava.jsp.   Note: The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version
• Important: The Edge browser does not support plug-ins.  In the event you still have a need for Java, it will be necessary to use Firefox.

Patch Schedule

For Oracle Java SE, the next scheduled update is July 16, 2024.  The planned release schedule is available here.

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and publicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:

1. Launch the Windows Start menu
2. Click on Programs
3. Find the Java program listing
4. Click Configure Java to launch the Java Control Panel
5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

References

• Java, The Never-Ending Saga  
• Critical Patch Updates and Security Alerts
• Release Notes
• Oracle Java SE Risk Matrix 
• Oracle Security Blog 

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 125.0.1 Released with Security Updates

Mozilla sent Firefox Version 125.0.1 to the release channel.  Firefox ESR was updated to Version 115.9.1.

The update includes fifteen security updates of which nine (9) are rated high, five (5) are rated moderate, and one (1) is rated low.

High

#

#CVE-2024-3852: GetBoundName in the JIT returned the wrong object
#CVE-2024-3853: Use-after-free if garbage collection runs during realm initialization
#CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
#CVE-2024-3855: Incorrect JIT optimization of MSubstr leads to out-of-bounds read
#CVE-2024-3856: Use-after-free in WASM garbage collection
#CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection
#CVE-2024-3858: Corrupt pointer dereference in js::CheckTracedThing<js::Shape>
#CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
#CVE-2024-3865: Memory safety bugs fixed in Firefox 125

Moderate

#CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
#CVE-2024-3860: Crash when tracing empty shape lists
#CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
#CVE-2024-3862: Potential use of uninitialized memory in MarkStack assignment operator on self-assignment
#CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows

Low

#

#CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames

New

• Firefox now supports the AV1 codec for Encrypted Media Extensions (EME), enabling higher-quality playback from video streaming providers.
• The Firefox PDF viewer now supports text highlighting.
• Firefox View now displays pinned tabs in the Open tabs section. Tab indicators have also been added to Open tabs, so users can do things like see which tabs are playing media and quickly mute or unmute across windows. Indicators were also added for bookmarks, tabs with notifications, and more!
• Firefox now prompts users in the US and Canada to save their addresses upon submitting an address form, allowing Firefox to autofill stored address information in the future.
• Firefox now more proactively blocks downloads from URLs that are considered to be potentially untrustworthy.
• The URL Paste Suggestion feature provides a convenient way for users to quickly visit URLs copied to the clipboard in the address bar of Firefox. When the clipboard contains a URL and the URL bar is focused, an autocomplete result appears automatically. Activating the clipboard suggestion will navigate the user to the URL with 1 click.
• Users of tab-specific Container add-ons can now search in the Address Bar for tabs that are open in different containers. Special thanks to volunteer contributor atararx for kicking off the work on this feature!
• Firefox now provides an option to enable Web Proxy Auto-Discovery (WPAD) while configured to use system proxy settings.

Changed

• In a group of radio buttons where no option is selected, the tab key now only reaches the first option rather than cycling through all available options. The arrow keys navigate between options as they do when there is a selected option. This makes keyboard navigation more efficient and consistent.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar
• ESR Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft April 2024 Security Updates

 

The Microsoft April 2024 security updates have been released and consist of 147 new patches to Microsoft products. In addition, 8 third-party CVEs are documented, bringing the total number of CVEs reported to 155.

Of the Microsoft CVEs released, 3 are rated critical,142 are rated important and 2 are rated moderate in security. At the time of release, none of the CVEs are listed as being publicly known or under active attack.

The security updates apply to the following products, features and roles: Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and Visual Studio; SQL Server; DNS Server; Windows Defender; Bitlocker; and Windows Secure Boot.

See the list of KBs at the bottom of the page at April 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, versions 23H2 and 22H2, see KB5036893.  For Windows 10, Version 22H2 see KB5036892.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The April 2024 Security Update Review.

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro and Windows 11 Home and Pro.
• Windows Update History:
• Windows 11
• Windows 10

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Optional Update for Adobe Reader and Acrobat

 

Adobe has released an optional update which contains enhancements around Gen AI features in Acrobat & Reader. For additional information see Generative AI features in Adobe Acrobat and Acrobat Reader.

Update or Complete Download

Reader DC and Acrobat DC were updated to version 24.001.20643 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

• Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 124.0.2 Released

   Mozilla sent Firefox Version 124.0.2 to the Release Channel.

Fixed

• Fixed an issue where users with a large amount of bookmarks would be unable to restore a bookmarks backup. (Bug 1884308)

• Fixed an issue that would cause open Firefox windows to go blank or crash during video playback on sites such as Netflix. (Bug 1883932)

• Fixed a crash that affected Linux AArch64 builds.(Bug 1866396)

• Fixed an issue where some users experienced difficulties loading webpages due to changes made to the default AppArmor configuration shipping in Ubuntu 24.04. (Bug 1884347)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...