Tuesday, December 10, 2024

Adobe Acrobat/Reader Update with Security Updates

 

Adobe
Adobe is releasing an update with bug fixes and new features for end users described in the New features summary as well as security updates for Acrobat and Reader. 

The security updates provide mitigations for vulnerabilities described in the security bulletins of Reader and Acrobat.

Update or Complete Download

Adobe Acrobat and Reader are being updated to version 24.005.20320.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted by  
Posted by No comments:
Labels: , , , ,

Microsoft December 2024 Security Updates

 

The Microsoft December 2024 security updates have been released and consist of 71 new patches to Microsoft products.


Of the Microsoft CVEs released, 16 are rated critical, 54 important, and 1 moderate in security. At the time of release, one is listed as being publicly known and as being exploited.

The security updates apply to the following products, features and roles: Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager.

See the list of KBs at the bottom of the page at December 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The December 2024 Security Update Review.

Due to the holiday schedule, there will be no December 2024 non-security preview update.

Additional Update Notes:

 

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted by No comments:
Labels: , , ,

Mozilla Firefox Version 133.0.3 Released with Updates

    Mozilla sent Firefox Version 133.0.3 to the Release Channel.

Fixed

  • Fixed the missing scrollbar in the Library window, such as when viewing History or Bookmarks. (Bug 1934482).
  • Fixed a problem where toolbar buttons were not visible on mouseover when using both the Windows High Contrast theme and the Firefox System theme. (Bug 1930840)
  • Fixed blurry line drawing on some Canvas elements when hardware acceleration is enabled. (Bug 1933668).
  • Fixed incorrect Firefox window positioning on Windows when restoring from maximized. (Bug 1934238).

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted by No comments:
Labels: , ,

Thursday, December 05, 2024

Pale Moon Version 33.5.0 Released with Security Updates

 Pale Moon Pale Moon has been updated to version 33.5.0.  This is a development, bugfix and security release.  

Note: Intel Mac builds are now "ad hoc" signed instead of unsigned, which should solve potential issues with newer macOS while still being compatible with old OS X. If you experience issues, please post in the Mac board on the forum for support.

Changes/fixes:

  • Implemented Regular Expression "match indices" (/d) feature.
  • Added a way to programmatically clear the DNS cache in the browser, and added a button to the UI for it in about:networking.
  • Updated handling of referrer policies to adhere to the updated spec.
  • CSS font variations keywords no longer throw an error. See implementation notes.
  • CSS border-radius will now also apply to element outlines.
  • Improved the display of amount of cached web content in preferences when cache is being cleared.
  • Improved the installer AVX check to skip on early versions of Windows 10 (which don't support it).
  • Updated NSS to 3.90.5 (unofficial) to pick up some security fixes.
  • Refreshed the built-in list of effective top-level domains.
  • Fixed several application crashes.
  • Reduced unnecessary debug/informative messages in release builds (WebGL and CSP).
  • Backed out building against ffmpeg 6.0 and ffvpx 6.0 for causing a video playback regression on full-range videos (levels 0-255).
  • Cleaned up a large amount of leftover Boot2Gecko code, simplifying code paths throughout the code base.
  • From this version forward we also publish language packs for Persian (Farsi), Hindi, Kannada and Vietnamese.
  • Security issues addressed: CVE-2024-11693 and CVE-2024-11704 (DiD).

Implementation notes:

  • The CSS font variations keywords (woff2-variations, truetype-variations, etc.) allow webmasters to indicate format hints for @font-face font resources so authors can provide alternative resources for browsers that don't support tech(variations). The intent of these hints is to provide an alternate font with variations in addition to regular fonts without. Unfortunately, some webmasters don't indicate a base font the variation font face would be an alternate for, which resulted in Pale Moon throwing an error on the only @font-face src entry provided, in turn having the web font not being loaded at all (because no valid entry was found), breaking website layout. From this version onwards, we parse the -variations keywords allowing variation alternative font-faces to be loaded, even if no base font was specified. To webmasters only supplying @font-face entries with variations keywords: please understand the intent of this CSS 4 spec and always provide a base font entry (graceful fallback).

*DiD: This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle


Remember - "A day without laughter is a day wasted."
Posted by No comments:
Labels: , , ,

Wednesday, December 04, 2024

Optional Hotfix Patch for Adobe Reader and Acrobat

 

Adobe
Adobe has released an optional hotfix patch that addresses some important bug fixes.

Update or Complete Download

Reader DC and Acrobat DC were updated to version 24.005.20307.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted by No comments:
Labels: , ,
Subscribe to: Posts (Atom)