Tuesday, November 26, 2024

Mozilla Firefox Version 133.0 Released with Security Updates

 FirefoxMozilla sent Firefox Version 133.0 to the release channel.  Firefox ESR was updated to Version 128.5.  

Note: For Firefox users on Windows 7, 8 and 8.1, Firefox Version 115 is the last supported version for those operating systems and will be moved to the latest ESR version by automatic update.  See Firefox users on Windows 7, 8 and 8.1 moving to Extended Support Release.

The update includes seventeen security updates of which two (2) are rated high, nine (9) are rated moderate, and six (6) are rated low.

High

#

#CVE-2024-11691: Memory corruption in Apple GPU drivers
#CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5

CVE-2024-11691: Memory corruption in Apple GPU drivers

Moderate

#CVE-2024-11700: Potential Tapjacking Exploit for Intent Confirmation on Android
#CVE-2024-11692: Select list elements could be shown over another site
#CVE-2024-11701: Misleading Address Bar State During Navigation Interruption
#CVE-2024-11702: Inadequate Clipboard Protection in Private Browsing Mode on Android
#CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows
#CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
#CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
#CVE-2024-11703: Password access without authentication via PIN bypass on Android
#CVE-2024-11696: Unhandled Exception in Add-on Signature Verification

Low

#CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation Dialog
#CVE-2024-11704: Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
#CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
#CVE-2024-11705: Null Pointer Dereference in NSC_DeriveKey
#CVE-2024-11706: Null Pointer Dereference in PKCS#12 Utility
#CVE-2024-11708: Data race with PlaybackParams

New

  • Firefox now has a new anti-tracking feature, Bounce Tracking Protection, which is now available in Enhanced Tracking Protection's "Strict" mode. This feature detects bounce trackers based on their redirect behavior and periodically purges their cookies and site data to block tracking.
  • The sidebar to view tabs from other devices can now be opened via the Tab overview menu.
  • GPU-accelerated Canvas2D is now enabled by default on Windows providing a performance improvement.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, November 21, 2024

November 2024 Windows 11 24H2 Non-Security Preview Update

  Microsoft released KB5044384 (OS Builds 22100.2161 for Windows 11 24H2.

Gradual rollout

These might not be available to all users because they will roll out gradually.​​​​​

  • [Settings] New! Tailored Experiences is now Personalized offers in the out of box experience (OOBE). You can find it on the Recommendations and offers page. Go to Settings > Privacy & security. Here, you can turn off the setting that sends data about your device to enhance Windows.
  • [Taskbar]
    • New! The system tray shows a shortened date and time. Also, the notification bell icon might not show if you have set the toggle for “Do not disturb” to on. If the bell icon does not show, click the date and time to view your messages in the notification center. To go back to the long form of the date and time, go to Settings > Date and Time. Then turn on the toggle for “Show time and day in the system tray.” To show the bell icon, go to Settings > System > Notifications. Turn on the toggle for “Notifications.” You can also get to these settings using the context menu. Just right click the system tray clock or bell icon.
    • Fixed: When you choose "Automatically hide the taskbar," the search box shows as an icon, not as a search box.
  • [Start menu] New! When you right-click apps that you have pinned to the Start menu, jump lists will appear for apps that have jump lists.
  • [Touchscreen] New! This update adds a new section for touchscreen edge gestures. Go to Settings > Bluetooth & Devices > Touch. There, you can choose if you would like to turn off the left or right screen edge touch gesture.
  • [Input Method Editor (IME)] New! After you install this update, the IME toolbar will hide when apps are in full screen mode. This only occurs when the IME toolbar is active and you type Chinese or Japanese characters.​​​​​​​
  • [File Explorer]
    • New! You can share content to an Android device from the context menu in File Explorer and on the desktop. To use this feature, you must install and configure Phone Link on your PC.​​​​​​​
    • Fixed: There might be more space than you expect between the items listed in the left pane.
    • Fixed: The search box is cut off when the File Explorer window is small.
  • [Dynamic Lighting Settings page]
    • New! Its page will show a placeholder message when there is no compatible device attached to your computer. Also, the Brightness and Effects controls will be off.
    • New! This update adds the Forward, Backward, Outward, and Inward direction options to the Wave effect. The Gradient effect now has the Forward direction option.

  • [Jump lists] New! If you hold Shift and CTRL and click a jump list item, this opens the item as an admin.
  • [Speech in Windows] New!This update improves the speech-to-text and text-to-speech features in Windows. You might get a message that asks you to update your language files manually. You can get those files from Microsoft Store. This change affects those of you who use Narrator, voice access, live captions, live translations, and voice typing.
  • ​​​​​​​[Display]
    • Fixed: App windows might collect in the corner of a monitor after your device goes to sleep. This occurs when you use multiple monitors.
    • Fixed: Mica material might not display correctly. This occurs when you use a slideshow background.​​​​​​​​​​​​​​​​​​​​​
    • Fixed: Some secondary displays might experience lag and screen tearing when a window is in full screen.
  • [Mouse] Fixed: When you use the "Show location of pointer when I press the CTRL key," the circles might be tiny on some displays.
  • [Clipboard] Fixed: Clipboard history (Windows logo key plus sign (+) V) might show no content. This issue occurs even though it is on, and you have copied text and images.

Normal rollout

  • [Mouse and game bar] Fixed: Your mouse might unlock from the game window. This occurs when you have multiple monitors and open and close the game bar.

See the KB article for improvements included.

Note:  Due to the holiday schedule, there will be no December 2024 non-security preview update but there will be a monthly security update for December 2024.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

References:

Windows 11 update history


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

November 2024 Windows 11 23H3 and 22H2 Non-Security Preview Update

 Microsoft released KB5046732 (OS Builds 22621.4541 and 22631.4541 for Windows 11 23H3 and Windows 11 22H2. 

Highlights

These might not be available to all users because they will roll out gradually

  • [Settings] New! Tailored Experiences is now Personalized offers in the out of box experience (OOBE). You can find it on the Recommendations and offers page. Go to Settings > Privacy & security. Here, you can turn off the setting that sends data about your device to enhance Windows.
  • [Taskbar]
    • ​​​​​​​New! The system tray shows a shortened date and time. Also, the notification bell icon might not show if you have set the toggle for “Do not disturb” to on. If the bell icon does not show, click the date and time to view your messages in the notification center. To go back to the long form of the date and time, go to Settings > Date and Time. Then turn on the toggle for “Show time and day in the system tray.” To show the bell icon, go to Settings > System > Notifications. Turn on the toggle for “Notifications.” You can also get to these settings using the context menu. Just right click the system tray clock or bell icon.
    • Fixed: When you choose "Automatically hide the taskbar," the search box shows as an icon, not as a search box.
  • ​​​​​​​[Input Method Editor (IME)] New! After you install this update, the IME toolbar will hide when apps are in full screen mode. This only occurs when the IME toolbar is active and you type Chinese or Japanese characters.
  • [Start menu] New! When you right-click apps that you have pinned to the Start menu, jump lists will appear for apps that have jump lists.
  • [File Explorer]
    • New! You canshare content to an Android device from the context menu in File Explorer and on the desktop. To use this feature, you must install and configure Phone Link on your PC.
    • Fixed: There might be more space than you expect between the items listed in the left pane.
    • Fixed: The search box is cut off when the File Explorer window is small.
  • [Touchscreen] New! This update adds a new section for touchscreen edge gestures. Go to Settings > Bluetooth & Devices > Touch. There, you can choose if you would like to turn off the left or right screen edge touch gesture.
  • [Mouse] New! This update adds the option to turn off enhanced mouse pointer precision to Settings > Bluetooth & Devices > Mouse. There is also a new option to change the direction in which the mouse scrolls.
  • ​​​​​​​[Dynamic Lighting Settings page]
    • New! Its page will show a placeholder message when there is no compatible device attached to your computer. Also, the Brightness and Effects controls will be off.
    • New! This update adds the Forward, Backward, Outward, and Inward direction options to the Wave effect. The Gradient effect now has the Forward direction option.
  • [Jump lists] New! If you hold Shift and CTRL and click a jump list item, this opens the item as an admin.

    Normal rollout

    • [Bluetooth LE Audio] Fixed: Some devices, like hearing aids, do not stream Bluetooth audio.
    • [Mouse and game bar] Fixed: Your mouse might unlock from the game window. This occurs when you have multiple monitors and open and close the game bar.

    Note:  Due to the holiday schedule, there will be no December 2024 non-security preview update but there will be a monthly security update for December 2024.

    Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

    References:

    Windows 11 update history


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    November 2024 Windows 10 Non-Security Preview Update

     Microsoft released KB5046714 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

    Highlights
    • [App list backup] Fixed: Win32 shortcuts might not back up to the cloud. 
    • [Copy cloud files] Fixed: When you drag and drop files from a cloud files provider folder, it might result in a move instead of a copy.
    See the KB article for the list of quality improvements included in the update.

    This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

    Note:  Due to the holiday schedule, there will be no December 2024 non-security preview update but there will be a monthly security update for December 2024.

    Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

    Windows 10 update history



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Friday, November 15, 2024

    Optional Hotfix Patch for Adobe Reader and Acrobat

     

    Adobe
    Adobe has released an optional hotfix patch that addresses some important bug fixes.

    Update or Complete Download

    Reader DC and Acrobat DC were updated to version 24.004.20772.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

    Reader DC and other versions are available here: https://get.adobe.com/reader/

    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    References

    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Tuesday, November 12, 2024

    Microsoft November 2024 Security Updates

     

    The Microsoft November 2024 security updates have been released and consist of 89 new patches to Microsoft products.


    Of the Microsoft CVEs released, 4 are rated critical, 84 important, and 1 moderate in security. At the time of release, Microsoft lists three of the CVEs is listed as being publicly known and two are listed as being exploited.

    The security updates apply to the following products, features and roles: Windows and Windows Components; Office and Office Components; Azure; .NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; and Windows VMSwitch.

    See the list of KBs at the bottom of the page at November 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

    Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The November 2024 Security Update Review.

    Due to the holiday schedule, there will be no December 2024 non-security preview update but there will be a monthly security update for December 2024.

    Additional Update Notes:

     

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Thursday, November 07, 2024

    Optional Hotfix Patch for Adobe Reader and Acrobat

     

    Adobe
    Adobe has released an optional hotfix patch that addresses some important bug fixes.

    Update or Complete Download

    Reader DC and Acrobat DC were updated to version 24.004.20243.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

    Reader DC and other versions are available here: https://get.adobe.com/reader/

    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    References

    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Tuesday, November 05, 2024

    Pale Moon Version 33.4.1 Released with Security Update

     Pale MoonPale Moon has been updated to version 33.4.1.  This is a minor security and bug fix update.

    Changes/fixes:

    • Added a processor check to the 64-bit installer for Windows to check for AVX.
      Note: this check does not work on Window 7/8/8.1 and will allow installations on non-AVX processors there.
      Note: if you are running Windows 10 before build 2004 (before 20H1), this check may fail on AVX-capable CPUs and prevent installation.
    • Improved handling of multipart/mixed documents. (CVE-2024-10461 and CVE-2016-2816) DiD
    • Addressed CVE-2024-10463.

      Notes:  *DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

      Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

      Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

      Release Notes
      Release Cycle

      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      Monday, November 04, 2024

      Mozilla Firefox Version 132.0.1 Released with Updates

        Mozilla sent Firefox Version 131.0.3 to the Release Channel.

      Fixed

      • Fixed issues causing intermittent video playback problems on some sites. (Bug 1928484Bug 1928798).
      • Fixed an issue causing themes to reset to default after restarting Firefox, in particular when using the Firefox Color add-on. (Bug 1928082).

      Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

      Release Notes


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...