Tuesday, January 21, 2025

Mozilla Firefox Version 134.0.2 Released

    Mozilla sent Firefox Version 134.0.2 to the Release Channel.

Fixed

  • Fixed crash reporter not being displayed for some localized builds (Bug 1940763).
  • Fixed a regression in Firefox 134 where anchored links in HTML framesets pointing to local files did not work (Bug 1934807).
  • Fixed an issue in developer tools preventing the resending of network requests when debugging extensions (Bug 1934478).
  • Fixed an issue where data consumption from service workers may unexpectedly halt (Bug 1941210).

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, January 15, 2025

Pale Moon Verson 33.5.1 Released with Security Updates

 Pale MoonPale Moon has been updated to version 33.5.1.  This is a small bugfix and security update.

Changes/fixes:

  • Changed the way cookies are handled internally to fix an issue with cookie database corruption as a result of updates to domain suffixes.
  • Fixed an issue with Alternative-Services protocol negotiation.
  • Fixed a potential crash scenario with Structured Clone operations. *DiD
  • Fixed a potential issue with line breaking if out of memory.
  • Fixed a rare crash with opportunistic encryption.
  • Minor code cleanup.
  • Security issues addressed: CVE-2025-0239 and CVE-2025-0238.

    Notes:  *DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

    Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

    Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

    Release Notes
    Release Cycle

    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Tuesday, January 14, 2025

    Microsoft January 2025 Security Updates

     

    The Microsoft January 2025 security updates have been released and consist of 159 new patches to Microsoft products plus third-party CVE's making the total 161.


    Of the Microsoft CVEs released, 11 are rated critical and 148 are rated moderate in security. At the time of release, five are listed as being publicly known and three under active attack.

    The security updates apply to the following products, features and roles: Windows and Windows Components, Office and Office Components, Hyper-V, SharePoint Server, .NET and Visual Studio, Azure, BitLocker, Remote Desktop Services, and the Windows Virtual Trusted Platform Module.

    See the list of KBs at the bottom of the page at January 2025 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.

    Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The January 2025 Security Update Review.

    Additional Update Notes:

     

    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Mozilla Firefox Version 134.0.1 Released with Updates

      Mozilla sent Firefox Version 134.0.1 to the Release Channel.

    Fixed

    • Fixed UI hangs happening on YouTube and Google Docs in some situations (Bug 1939295).
    • Fixed a startup crash affecting some users upgrading from Firefox 133 (Bug 1941134).
    • Fixed an issue where search engines selection menus and context menus could be broken if a user had previously reverted to an earlier version (Bug 1940533).

    Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

    Release Notes


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Tuesday, January 07, 2025

    Mozilla Firefox Version 134.0 Released with Security Updates

     FirefoxMozilla sent Firefox Version 134.0 to the release channel.  Firefox ESR was updated to Version 128.6.0.  

    The update includes eleven security updates of which three (3) are rated high and eight (8) are rated moderate.

    High

    #

    ##

    CVE-2025-0244: Address bar spoofing using an invalid protocol scheme on Firefox for Android

    ###

    CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6

    #

    CVE-2024-11691: Memory corruption in Apple GPU drivers

    Moderate

    ####

    #CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android

    #CVE-2025-0246: Address bar spoofing using an invalid protocol scheme on Firefox for Android

    #CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack

    #CVE-2025-0238: Use-after-free when breaking lines in text

    #CVE-2025-0239: Alt-Svc ALPN validation failure when redirected

    #CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module

    #CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation

    #CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6

    New

    • Firefox now supports touchpad hold gestures on Linux. This means that kinetic (momentum) scrolling can now be interrupted by placing two fingers on the touchpad.

    • Hardware-accelerated playback of HEVC video content is now supported on Windows.

    • Ecosia's availability has been expanded to all languages in the German region along with Austria, Belgium, Italy, Netherlands, Spain, Sweden and Switzerland.

    Changed

    • Firefox now follows the model HTML specification for transient user activation more closely. This change makes popup blocking less strict in cases where previous versions of Firefox were overly aggressive, reducing erroneous blocking prompts.

    • A refreshed New Tab layout is being rolled out to users in the US and Canada, featuring a repositioned logo and weather widget to prioritize Web Search, Shortcuts, and Recommended Stories at the top. The update includes changes to the card UI for recommended stories and allows users with larger screens to see up to four columns, making better use of space.  Currently available in: Canada, United States


    Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

    References


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...