Pale Moon Version 33.8.1.1 Released

  Pale Moon has been updated to version 33.8.1.1.  This is an important bugfix update.  Mac and FreeBSD will be updated shortly.

Changes/fixes:

• Fixed a browser crash in the new code introduced in 33.8.1 around <object> restrictions.
• Fixed a regression in the styling of the address bar drop-down making links unreadable when highlighted.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 33.8.1 Released with Security Updates

 Pale Moon has been updated to version 33.8.1.  This is a bugfix and security update.

Changes/fixes:

• Pale Moon no longer accepts nameless cookies. See implementation notes.
• Improved the "copy as curl" command in devtools further, partially rolling back the DiD changes in previous versions since we aren't offering cross-platform commands and it caused potential issues with overzealous escaping.
• Fixed a potential use-after-free scenario in the CSS parser.
• Fixed uninitialized use of fontconfig scenarios for Linux/GTK.
• Adjusted CSP URI reporting to more closely match the current spec and common browser behavior.
• Fixed a potential crash in font handling.
• Adjusted the size of WASM compiled table size limits to match V8/Gecko.
• Increased restrictions on the types of data loads <object> elements are allowed to trigger, to match the fetch spec more closely.
• Fixed build issues for PPC architectures.
• Security issues addressed: CVE-2025-8031, CVE-2025-8028 (DiD), CVE-2025-8037 (and related), CVE-2025-8029, and several others that do not have a CVE number.
  
  

Implementation notes:

• From this version forward we no longer accept nameless cookies. If a cookie has no name and starts with an equal sign, it is outright rejected. If a cookie consists only of a string with no equal sign, it is interpreted as a valueless cookie with the name set to the string. This departs from our inherited Mozilla behavior where this was previously treated as a nameless cookie with the string as the value.
  
  RFC 6265 forbids cookies without an equal sign (§5.2 step 2), but browsers accept them anyway for web compatibility reasons (poor web design). Moreover, §5.2 step 5 explicitly forbids nameless cookies.
  
  Valueless names also make more sense in web context: Set-cookie: itself supports secure and httponly as valueless attributes, and HTML supports valueless attributes as well.
  
  Our new behavior therefore makes more logical sense, is closer to the spec and general principles, aligns with webkit/Safari and solves a whole class of potential sec bugs like CVE-2025-8037. Apologies if this causes web compat issues, but it's the same thing to do when encountering non-compliant cookies.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

July 2025 Windows 11 Non-Security Preview Update

 Microsoft released KB5062660 (OS Build 26100.4770) for Windows 11 24H2 and KB5062663 (OS Builds 22621.5699 and 22631.5699) Windows 11 23H2 and Windows 11 22H2. 

See the long list of highlights included in KB5062660 for Windows 11 24H2.  The update for Windows 11 23H2 and Windows 11 22H2 addresses non-security issues.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download the update can be found in the Optional updates available section.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

July 2025 Windows 10 Non-Security Preview Update

 Microsoft released KB5062649 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

Key Issues Addressed

• ​​​​​[Extended Security Updates] Fixed: An issue impacting the Windows 10 Extended Security Updates (ESU) enrollment wizard. Some users experienced a problem where clicking “Enroll now” caused the wizard window to open, begin loading, and then close unexpectedly. This occurred due to incomplete app registration, which prevented the wizard from loading correctly. This update addresses that issue to ensure a smoother enrollment experience.

• [Mobile Operator Profiles] Updated: Country and Operator Settings Asset (COSA) profiles.

• [Secure Boot] New!  Adds the ability to deploy SKUSiPolicy VBS Anti-rollback protections through the Secure Boot AvailableUpdates registry key.

• [Core File Systems] Fixed: An issue observed in rare cases after installing the May 2025 security update and subsequent updates causing devices to experience stability issues. Some devices became unresponsive and stopped responding in specific scenarios.

• [Input]

  
  

  • Fixed: A known issue with the Microsoft Changjie Input Method. Users were unable to select words after a recent update.

  • Fixed: A known issue when searching for an emoji in the emoji panel. After a recent update, the search always returns no results.

  • Fixed: An issue in which phonetic input methods, including the Hindi Phonetic Input keyboard and Marathi Phonetic keyboard do not work correctly after a recent update.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 141.0 Released with Security Updates

 Mozilla sent Firefox Version 141.0 to the release channel.  

The update includes eighteen security updates of which six (6) are rated critical, nine (9) are rated moderate, and three (3) are rated low. The security updates can be reviewed here.

New features are included in the update.  To review the new features, see the Release Notes.

Update:  To get the update now, select "Help" from the Firefox menu and pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  If you do not use the English language version, Fully Localized Versions are available for download.

Rapid Release Calendar

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Optional Update

 

Adobe is releasing an optional hotfix patch for Acrobat and Acrobat Reader that addresses some important bug fixes. 

Update or Complete Download

Adobe Acrobat and Reader were updated to version 25.001.20577.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Oracle Java Runtime (JRE) Update Released with Critical Security Updates

 

Oracle released the scheduled update for its Java SE Runtime Environment software.  This is a critical security and bugfix update.  

This Critical Patch Update contains nine new security patches for Oracle Java SE.  Eight of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Download Information:  

Java SE Runtime Environment Version 8u461: https://java.com/en/download/manual.jsp

Java Security Recommendations

1) If Java is still installed on your computer, it is recommended that all updates be applied as soon as possible and older, less secure, versions uninstalled.  See Why should I uninstall older versions of Java from my system?
2) In the Java Control Panel, at minimum, set the security to high.
3) Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

Notes:

• UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras".  
• Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.
• Verify your version:  http://www.java.com/en/download/testjava.jsp.   Note: The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version
• Important:  If you have a need to use Java, see which browser support it at Browsers That Still Support Java & How to Enable It.

Patch Schedule

For Oracle Java SE, the next scheduled update is October 21, 2025.  The planned release schedule is available here.

Unwanted "Extras"

Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and publicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

Do the following to suppress the sponsor offers:

1. Launch the Windows Start menu
2. Click on Programs
3. Find the Java program listing
4. Click Configure Java to launch the Java Control Panel
5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

References

• Java, The Never-Ending Saga  
• Critical Patch Updates and Security Alerts
• Release Notes
• Oracle Java SE Risk Matrix 

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Update

 

Adobe released an update with bug fixes for Acrobat and Reader. 

Update or Complete Download

Adobe Acrobat and Reader were updated to version 25.001.20566.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft July 2025 Security Updates

 

The Microsoft July 2025 security updates have been released and consist of 130 new CVEs to Microsoft products. With the additional 10 non-Microsoft CVEs being documented, it brings the combined total to 140 CVEs.

Of the Microsoft CVEs released, 10 are rated critical and the rest are rated important in security. At the time of release, one is listed as being publicly known and none are listed as under active attack.

The security updates apply to the following products, features and roles: Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Teams, Hyper-V, Windows BitLocker, Microsoft Edge (Chromium-based), and the Windows Cryptographic Service.

See the list of KBs at the bottom of the page at July 2025 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The July 2025 Security Update Review.

Additional Update Notes:

• Windows 10 End of Support -- On October 14, 2025, Windows 10 will reach end of support. See the Windows 10 blog for How to prepare for Windows 10 end of support by moving to Windows 11 today.
• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro and Windows 11 Home and Pro.
• Windows Update History:  Windows10, Windows 11

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 140.0.4 Released with Updates

  Mozilla sent Firefox Version 140.0.4 to the Release Channel.

Fixed

• Fixed incorrect font selection in some cases when attempting to use color fonts. (Bug 1971053)
• Fixed the search results not updating when switching source during a file search in the Developer Tool's debugger. (Bug 1971094)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 33.8.0 Released with Security Updates

 Pale Moon has been updated to version 33.8.0. This is a major development, bugfix and security release.

The update includes DiD fixes. This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

See the Release Notes for numerous changes/fixes included in the update as well as Implementation Notes.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...