Tuesday, September 26, 2017

Pale Moon Version 27.5.0 Released


Pale Moon has been updated to Version 27.5.0. This is a major release furthering the development of the browser.


The changes and fixes in this release are extensive. They include user interface changes (among them a menu option to restart the browser), media improvements and much more.

Details from the Release Notes:

Changes/fixes:
  • User interface:
    • Added a menu option to restart the browser.
    • Added Windows-specific CSS parameters and queries for the use of the system accent color. Added are parameters -moz-win-accentcolor and -moz-win-accentcolortext, and the media query -moz-win-accentcolor-applies to know if Windows is actively using an accent color.
    • Changed Windows' browser CSS sheet to use variables instead of hard-coding colors, simplifying its style and making it more flexible. Further cleaned up the Windows 10 specific browser style.
    • Changed the theme on Windows 10 to use the new accent colors and improve O.S. consistency.
    • Fixed some general inconsistencies in the Windows theme on all Windows operating systems.
    • Updated Windows widgets to be able to pick up Windows 10 accent colors dynamically and have the browser's look and feel respond accordingly, even with automatic color changes based on desktop wallpaper.
    • Removed the experimental FF4 prerelease status-in-addressbar feature because the already-crowded address bar needs a break. This should solve some extension interop issues, theme issues and domain highlighting issues people have reported.
    • Cleaned up some dead code for the plugin updater that no longer exists.
    • Fixed a text direction issue in preferences.
    • Fixed an issue with disabled context menu entries after using Customize...
    • Reorganized and cleaned up the status preferences.
  • Media:
    • MSE Media updates (ongoing). We are focusing on improving MP4 handling.
    • Improved MP3 metadata parsing (e.g. incorrect duration with embedded album cover)
    • Fixed a number of searching issues in MP3 files
    • Fixed a few crashes.
  • Fixed an issue with automatically exporting bookmarks to HTML on shutdown.
  • Fixed a regression re: domains allowed to/blocked from installing add-ons.
  • Fixed several internal errors thrown in the front-end.
  • Fixed several minor issues in the devtools.
  • Added a fix to prevent the home page from being loaded (and subsequently overridden) when restoring a session.
  • Added an option to control add-on blocklist behavior (Options -> Security)
  • Added DOM function isSameNode().
  • Added DOM onvisibilitychange event.
  • Added document.scrollingelement (CSSOM).
  • Added a basic implementation of Object.values and Object.entries enumerator functions (ECMA2017 draft).
  • Added "Open in new private window" to bookmarks, feeds and history entries.
  • Added HTTP request method OPTIONS.
  • Added an option to exit to a no-content page after encountering a network or security error.
    This is controlled with the preference browser.escape_to_blank -- when set to true, "Get me out of here" buttons will load a blank page instead of the browser's home page.
  • Added experimental Brotli accept-encoding (alternative to gzip/deflate compressed http data transfer). Disabled by default for now because it causes issues.
  • Improved the handling of several CSS selectors.
  • Changed session storage to remember form data for https sites by default.
  • Added (yet another) trap prevention method to onbeforeunload events.
  • Fixed privacy preferences not correctly resetting all options when choosing "Remember History"
  • Fixed not being able to deselect loading bookmarks in the sidebar.
  • Limited the display of user names and hosts in the http auth dialog to sane lengths, preventing over-sizing issues.
  • Fixed a number of potential crash points.
  • Improved the security of the Windows dll loader module.
  • Reinstated "Open all in tabs" option on folders of live bookmarks (feeds).
  • Made URL matching more liberal in selected text to make it easier to open stated addresses.
  • Fixed an issue with Graphite font rendering where automatic font collision fixing didn't always work.
  • Color Management for images is now disabled by default on Linux, due to many distributions not having a streamlined setup with sane default ICC profiles, which makes images look worse when color management is enabled.
  • Tightened the update security check to prevent acceptance of update manifests that have been intercepted/replaced through https MitM attacks.
    Please be aware that https-filtering antivirus may interfere with future application updates as a result.
  • Updated the ANGLE library to broaden WebGL support and reduce the potential of crashes (due to junk being sent to the video driver).
  • Added content-sniffing for WebP images (working around CloudFront's incorrect content-type headers).
  • Fixed a problem with some H.264 media not playing (SPS NAL).
  • Improved timer efficiency (switch back to lower precision when high precision is no longer needed, reducing CPU/power consumption).
  • Improved context search on selected text/links.
  • Updated address bar handling with Alt or Shift modifiers, so that "switch to tab" with a modifier can open copies of already-opened sites.
  • Added a fix on Linux for starting the browser from Enlightenment.
  • Privacy fix: Pale Moon will now clear QuotaManager storage (asm.js cache/IndexedDB data) as part of clearing Offline Website Data.
Minimum system Requirements (Windows):
  • Windows Vista/Windows 7/8/10/Server 2008 or later
  • Windows Platform Update (Vista/7) strongly recommended
  • A processor with SSE2 instruction support
  • 256 MB of free RAM (512 MB or more recommended)
  • At least 150 MB of free (uncompressed) disk space
Pale Moon includes both 32- and 64-bit versions for Windows:

Update

To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Saturday, September 23, 2017

Oracle Java™ Platform, Standard Edition 9 Released



Oracle released Java™ Platform, Standard Edition 9, 64-bit only, for Windows 7, Windows 8x, Windows 10 as well as Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 R and Windows Server 2016 R2.  The update includes security enhancements.

For browser support as well as Linux, Solaris and Mac OS X, see Oracle JDK 9 and JRE 9 Certified System Configurations Contents. Java Version 9 is not compatible with Windows XP or Windows Vista. 

Oracle does not plan to migrate desktops from Java 8 to Java 9 through the auto update feature.  Therefore, it is strongly recommended that you uninstall JRE 8 prior to updating.


    Download Information



    Notes:
    • UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras". 
    • Verify your version: http://www.java.com/en/download/testjava.jsp.

      Note: The Java version verification page will only work if your browser has NPAPI support.  In that case, to check the version, open a cmd window and enter the following (note the space following Java):  java -version

    Critical Patch Updates

    For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
    • 17 October 2017
    • 16 January 2018
    • 17 April 2018
    • 17 July 2018

    "Unwanted Extras"

    Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

    Do the following to suppress the sponsor offers:
    1. Launch the Windows Start menu
    2. Click on Programs
    3. Find the Java program listing
    4. Click Configure Java to launch the Java Control Panel
    5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
    6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

    Java Security Recommendations

    1)  In the Java Control Panel, at minimum, set the security to high.
    2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

    3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml
     




    Tuesday, September 12, 2017

    Microsoft Security Updates for September, 2017



    The September security release consists of 81 security updates for the following software, of which 26 are listed as Critical, 53 are rated Important, and two are Moderate in severity.
    • Internet Explorer
    • Microsoft Edge
    • Microsoft Windows
    • Microsoft Office and Microsoft Office Services and Web Apps
    • Adobe Flash Player
    • Skype for Business and Lync
    • .NET Framework
    • Microsoft Exchange Server
      The updates address Remote Code Execution, Spoofing, "Defense in Depth", Information Disclosure and Elevation of Privilege. "Defense-in-Depth" is a fix that does not apply to an actively exploitable vulnerability but prevents future vulnerabilities caused by the same code when surrounding code changes expose the problem.

      For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

      A few of the CVEs addressed by Microsoft this month that deserve some extra attention are discussed in Zero Day Initiative — The September 2017 Security Update Review by Dustin Childs.

        Additional Update Notes

        • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
        • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
        • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.






          Adobe Flash Player Critical Security Updates


          Adobe has released Version 27.0.0.130 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

          These updates address vulnerabilities that could lead to remote code execution.

          Release date:  September 12, 2017
          Vulnerability identifier: APSB17-28
          CVE Numbers:   CVE-2017-11281, CVE-2017-3106
          Platform: Windows, Macintosh, Linux and Chrome OS

          Update:

          *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

            Verify Installation

            To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

            Do this for each browser installed on your computer.

            To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










            Wednesday, August 30, 2017

            Adobe Acrobat and Reader Security Bulletin APSB17-24 Updated


            Adobe Security Bulletin APSB17-24 for Adobe Acrobat and Reader has been updated to include the availability of new updates as of August 29. 

            From the blog post:
            "The August 29 updates resolve a functional regression with XFA forms functionality that affected some users, as well as provide a resolution to security vulnerability CVE-2017-11223.  This CVE was originally addressed in the August 8 updates (versions 2017.012.20093, 2017.011.30059 and 2015.006.30352). Due to a functional regression in those releases, optional hotfixes [0,1,2] were offered to affected customers that temporarily reverted the fix for CVE-2017-11223. The August 29 releases resolve both the functional regression and provide a fix for CVE-2017-11223.
            At this time, Adobe is not aware of exploits in the wild for CVE-2017-11223, or any of the other issues addressed in the August 8 or August 29 releases.
            References:
            [0] Hotfix for 2017.012.20093
            [1] Hotfix for 2017.011.30059
            [2] Hotfix for 2015.006.30352"
            Version 11.0.22 is available at 11.0.22 Out of cycle update, August 22, 2017 — Acrobat and Adobe Reader Release Notes.   








            Tuesday, August 22, 2017

            Pale Moon Version 27.4.2 Released with Security Updates


            Pale Moon version 27.4.2 has been released to address some security and stability issues.  Details from the Release Notes:

            Security fixes:
            • Updated NSPR to 4.15.
            • Updated NSS to 3.31.1.
            • Fixed a DoS issue using overly long Username in URL scheme (CVE-2017-7783)
            • Fixed an issue where (cross domain) iframes could break scope (CVE-2017-7787)
            • Fixed an issue in WindowsDllDetourPatcher (CVE-2017-7804)
            • Fixed an issue with elliptic curve addition in mixed Jacobian-affine coordinates (CVE-2017-7781)
            • Fixed a UAF in nsImageLoadingContent (CVE-2017-7784)
            • Fixed a UAF in WebSockets (CVE-2017-7800)
            • Fixed a heap-UAF in RelocateARIAOwnedIfNeeded (CVE-2017-7809) DiD (accessibility is disabled)
            *DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

            Changes/fixes:
            • Fixed a number of crashes.
            • Enabled the opt-in debugging feature to log SSL keys to a file in all builds.
            • Added a fix for TLS 1.3 handshakes causing a browser hangup.
              Handshakes should be considerably faster now and no longer stall in the wrong circumstances.
            Minimum system Requirements (Windows):
            • Windows Vista/Windows 7/8/10/Server 2008 or later
            • Windows Platform Update (Vista/7) strongly recommended
            • A processor with SSE2 instruction support
            • 256 MB of free RAM (512 MB or more recommended)
            • At least 150 MB of free (uncompressed) disk space
            Pale Moon includes both 32- and 64-bit versions for Windows, Pale Moon Portable, Pale Moon for Linux and Pale Moon for Android.

              Update

              To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




              Tuesday, August 08, 2017

              Microsoft Security Updates for August, 2017




              The August security release consists of security updates for the following software:
                • Internet Explorer
                • Microsoft Edge
                • Microsoft Windows
                • Microsoft SharePoint
                • Adobe Flash Player
                • Microsoft SQL Server

                  The updates address Remote Code Execution, Denial of Service, Information Disclosure and Elevation of Privilege across 48 CVEs, of which 25 are Critical, 21 Important, and 2 Moderate in severity.

                  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

                  For a list of the CVEs addressed in the August update requiring special attention, see The August 2017 Security Update Review by Dustin Childs.

                    Additional Update Notes

                    • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                    • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
                    • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.






                      Adobe Flash Player Critical Security Updates


                      Adobe has released Version 26.0.0.151 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

                      These updates address vulnerabilities that could lead to remote code execution, information disclosure and memory address disclosure.

                      Release date:  August 8, 2017
                      Vulnerability identifier: APSB17-23
                      CVE Numbers:   CVE-2017-3085, CVE-2017-3106
                      Platform: Windows, Macintosh, Linux and Chrome OS

                      Update:

                      *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                        Verify Installation

                        To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                        Do this for each browser installed on your computer.

                        To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










                        Adobe Reader and Acrobat Critical Security Updates


                        Adobe has released security updates for Adobe Reader and Acrobat XI for Windows. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

                        Release date: August 8, 2017
                        Vulnerability identifier: APSB17-24
                        Platform: Windows

                        Update or Complete Download

                        Update checks can be manually activated by choosing Help > Check for Updates.

                        Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

                        Enable "Protected View"

                        Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode nor the Protected View option is available for Macintosh users.

                        To enable this setting, do the following:

                        • Click Edit > Preferences > Security (Enhanced) menu. 
                        • Change the "Off" setting to "All Files".
                        • Ensure the "Enable Enhanced Security" box is checked. 

                        Adobe Protected View
                        Image via Sophos Naked Security Blog








                        Mozilla Firefox Version 55 Released With Significant Changes and Security Updates


                        Mozilla sent Firefox Version 55.0 to the release channel today.  Firefox ESR was updated to version 52.3.  There is no mention in the Release Notes of security updates.*  However, there are major changes that will affect users:
                        1. Warning via ghacks.net: "Firefox 55.0 breaks compatibility with older versions of the browser and Firefox ESR. Users who want to downgrade are advised to back up their profiles prior to installing the update." See "Changed" below.
                        2. Important Note:  Although installations of 32x will upgrade with this version, the 64x version is now default on 64x systems with 2GB RAM.  Starting with version 56, Firefox will "silently and forcibly auto-upgrade" users running the 32-bit version of Firefox on 64-bit computers with more than 2GB of RAM to the 64-bit version. The next scheduled release is September 26, 2017 (5 week cycle with release for critical fixes as needed).  
                        3. Adobe Flash Player is now click-to-activate. 
                        4. Also, see the following regarding add-ons starting in Firefox 57:  Firefox add-on technology is modernizing 
                        *UPDATE:  At the time of publishing the Release Notes, there was no indication of security fixes included.  In the interim, however, the Release Notes have been updated and Version 55 includes five (5) critical, ten (10) high, seven (7) moderate and six (6) low security updates.
                        New
                        • Launched Windows support for WebVR, bringing immersive experiences to the web. See examples and try working demos at Mozilla VR.
                        • Added options that let users optimize recent performance improvements
                          • Setting to enable Hardware VP9 acceleration on Windows 10 Anniversary Edition for better battery life and lower CPU usage while watching videos
                          • Setting to modify the number of concurrent content processes for faster page loading and more responsive tab switching
                        • Simplified installation process with a streamlined Windows stub installer
                          • Firefox for Windows 64-bit is now installed by default on 64-bit systems with at least 2GB of RAM
                          • Full installers with advanced installation options are still available
                        • Improved address bar functionality
                          • Search with any installed one-click search engine directly from the address bar
                          • Search suggestions appear by default
                          • When entering a hostname (like pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (https://www.pinterest.com) instead of the insecure version (http://www.pinterest.com) when possible
                        • Updated Sidebar for bookmarks, history, and synced tabs so it can appear at the right edge of the window as well as the left
                        • Added support for stereo microphones with WebRTC
                        • Simplified printing from Reader Mode
                        • Updated Firefox for OSX and macOS to allow users to assign custom keyboard shortcuts to Firefox menu items via System Preferences
                        • Browsing sessions with a high number of tabs are now restored in an instant
                        • Make screenshots of webpages, and save them locally or upload them to the cloud. This feature will undergo A/B testing and will not be visible for some users.
                        • Added Belarusian (be) locale

                        Changed

                        • Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.
                        • Firefox does not support downgrades, even though this may have worked in past versions. Users who install Firefox 55+ and later downgrade to an earlier version may experience issues with Firefox.
                        • Made the Adobe Flash plugin click-to-activate by default and allowed only on http:// and https:// URL schemes. (This change will not be visible to all users immediately. For more information see the Firefox plugin roadmap)
                        Update:

                        To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                        Thursday, July 27, 2017

                        Out-of-Band Java SE Update


                        Oracle released an out-of-band update for its Java SE Runtime Environment software.  The update contains bug fixes for Oracle Java SE.  

                        Update

                        If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

                        Download Information

                        Download link:  Java SE 8u144

                        Verify your version:  http://www.java.com/en/download/testjava.jsp. Note:  The Java version verification page will only work if your browser has NPAPI support.  In that case, to check open a cmd window and enter the following (note the space following Java): 
                        java -version
                        Notes:
                        • Minimally, UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras". 
                        • Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run untrusted/unsigned Certificates.  See How to protect your computer against dangerous Java Applets

                        Critical Patch Updates

                        For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
                        • 17 October 2017
                        • 16 January 2018
                        • 17 April 2018
                        • 17 July 2018

                        Unwanted "Extras"

                        Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

                        Do the following to suppress the sponsor offers:
                        1. Launch the Windows Start menu
                        2. Click on Programs
                        3. Find the Java program listing
                        4. Click Configure Java to launch the Java Control Panel
                        5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
                        6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

                        Java Security Recommendations


                        1)  In the Java Control Panel, at minimum, set the security to high.
                        2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

                        3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml





                        Tuesday, July 18, 2017

                        Java SE Critical Security Update


                        Oracle released the scheduled critical security updates for its Java SE Runtime Environment software.  The update contains 32 new security fixes for Oracle Java SE.  28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

                        Update

                        If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

                        Download Information

                        Download link:  Java SE 8u141

                        Verify your version:  http://www.java.com/en/download/testjava.jsp

                        Notes:
                        • Minimally, UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.  Preferably, see the instructions below on how to handle "Unwanted Extras". 
                        • Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run applets or applications that are unsigned or whose certificates are untrusted.  See How to protect your computer against dangerous Java Applets

                        Critical Patch Updates

                        For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
                        • 17 October 2017
                        • 16 January 2018
                        • 17 April 2018
                        • 17 July 2018

                        Unwanted "Extras"

                        Although most people do not need Java on their computer, there are some programs and games that require Java.  In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates.  Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

                        Do the following to suppress the sponsor offers:
                        1. Launch the Windows Start menu
                        2. Click on Programs
                        3. Find the Java program listing
                        4. Click Configure Java to launch the Java Control Panel
                        5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
                        6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.

                        Java Security Recommendations


                        1)  In the Java Control Panel, at minimum, set the security to high.
                        2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

                        3)  Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml
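The first two Control Panel recommendations above (they are repeated in each Java update post on this page) are stored per user in the deployment.properties file. The following is an added example, not part of the original post or of Oracle's tooling, that audits such a file; the sample file contents are constructed, and treating a missing key as the Java 8 default (HIGH, browser content enabled) is an assumption.

```python
"""Audit a Java deployment.properties file against the Control Panel advice."""
import re

# Java Control Panel security slider, weakest first.
LEVELS = {"MEDIUM": 0, "HIGH": 1, "VERY_HIGH": 2}

# Constructed sample: a profile that ignores both recommendations.
SAMPLE_WEAK = r"""#deployment.properties
#constructed sample, not taken from a real machine
deployment.version=8
deployment.security.level=MEDIUM
deployment.webjava.enabled=true
deployment.javaws.jre.0.path=C\:\\Program Files\\Java\\jre1.8.0_141\\bin\\javaw.exe
"""

# Constructed sample: security raised and browser content switched off.
SAMPLE_HARDENED = r"""#deployment.properties
deployment.security.level = very_high
deployment.webjava.enabled : false
"""


def _unescape(value):
    # Only backslash-quoted literals (\: \\ \=) are handled, which is
    # what the Control Panel writes; \uXXXX and \n style escapes are not.
    return re.sub(r"\\(.)", lambda m: m.group(1), value)


def parse_properties(text):
    """Parse the subset of the .properties format used by this file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":        # blank line or comment
            continue
        # The key ends at the first unescaped '=', ':' or whitespace.
        m = re.match(r"((?:\\.|[^\\=:\s])+)\s*[=:\s]\s*(.*)$", line)
        if m:
            props[_unescape(m.group(1))] = _unescape(m.group(2))
        else:                                   # key with no value
            props[_unescape(line)] = ""
    return props


def audit(text):
    """Return (key, message) pairs for settings weaker than the advice."""
    props = parse_properties(text)
    findings = []

    # Assumption: a missing key means the Java 8 default, HIGH.
    level = props.get("deployment.security.level", "HIGH").upper()
    if LEVELS.get(level, -1) < LEVELS["HIGH"]:
        findings.append(("deployment.security.level",
                         "security level is %s, expected HIGH or VERY_HIGH" % level))

    # Assumption: a missing key means browser content is enabled.
    web = props.get("deployment.webjava.enabled", "true").lower()
    if web != "false":
        findings.append(("deployment.webjava.enabled",
                         "Java content in the browser is enabled"))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(sample) or "OK")
```

On Windows the per-user file is normally at %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties; pass its contents to audit().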





                        Wednesday, July 12, 2017

                        Pale Moon Version 27.4.0 Released with Security Updates


                        Pale Moon version 27.4.0 has been released with security fixes, including DiD* patches.
                        *DiD stands for "Defense-in-Depth" and is a fix that does not apply to an actively exploitable vulnerability in Pale Moon but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
                        This is a major update to address most of the media streaming issues users have had.  In addition, the update includes enhancements, bug fixes and security fixes to the browser.


                        Details from the Release Notes:

                        Security fixes:
                        • Removed preloading of HPKP hosts and enabled HPKP header enforcement.
                        • Added support for TLS 1.3, the up-next secure connection protocol.
                        • Fixed an issue with TLS 1.3 not supporting renegotiation by design.
                        • Relaxed some restrictions for CSP to temporarily work around web compatibility issues with the CSP-3 deprecated child-src directive.
                        • Updated NSS to 3.28.5.1-PM to address some security issues.
                        • Updated the installer selfextractor module to address unsafe loading of libraries.
                        • Changed the way certain resources are included to reduce effectiveness of some common fingerprinting techniques. (e.g. browserleaks.org)
                        • Fixed a regression in the display of security information in the page info dialog for insecure content.
                        • Fixed two potential issues with allocating memory for video. DiD
                        • Fixed a potential issue with the network prediction algorithm. DiD
                        • Restricted the use of Aspirational scripts in IDNs to prevent domain spoofing, in anticipation of the UAX#31 update making this official.
                        • Prevented a Mac font specific issue that could be abused for domain spoofing (CVE-2017-7763)
                        • Fixed several potentially exploitable crashes. (CVE-2017-7751) (CVE-2017-7757) and some that do not have a CVE designation.
                        Changes/fixes:
                        • Completely re-worked the Media Source Extensions code to make it spec compliant, and asynchronous as per specification for MSE with MP4. This should fix playback problems on YouTube, Twitch, Vimeo and other sites that previously had some issues. A massive thank you to Travis for his tireless work on making this happen!
                          Please note that MSE+WebM (disabled by default) is not using this new code yet (planned for the next release), and as such there is a temporary set of things to keep in mind if you don't use default settings:
                          • If you have previously enabled MSE+WebM, this setting will be reset when you update to avoid conflicting settings with the updated MSE code.
                          • We've added an extra setting in Options to disable the updated MSE code (asynchronous use) in case you need to use WebM or are otherwise having issues with the updated code (please let us know in that case).
                          • Once again, the MSE+WebM and Asynchronous MSE use are currently mutually exclusive. You can have one or the other, not both, until we sort out the code for WebM. To enable MSE+WebM you will first have to disable Asynchronous MSE in settings (otherwise the WebM setting will be greyed out and disabled).
                        • Added a control in options/preferences for HSTS and HPKP usage.
                        • Changed HTML bookmark exports to write CRLF line endings to the file on Windows.
                        • Leveraged multi-core rendering for libVPX (VP8/VP9 WebM decoding).
                        • Fixed some issues accessing DeviantArt (useragent-sniffing).
                        • Aligned CSS text-align with the spec.
                        • Added a recovery module for browser initialization issues (e.g. when using a wrong language pack).
                        • Fixed spurious console errors for XHR requests with certain http response codes.
                        • Enabled v-sync aligned refresh for a smoother scrolling experience.
                        • Removed support for CSS XP-theme media queries.
                        • Improved console error reporting.
                        • Fixed resetting toolbars and controls from the safe mode dialog.
                        • Fixed bookmark recovery option from the safe mode dialog.
                        • Fixed innerText getters for display:none elements.
                        • Fixed a GL buffer crash that might occur with certain combinations of drivers and hardware.
                        • Added some more details to about:support.
                        • Fixed a potential crash when the last audio device is removed during playback.
                        • Fixed a crash on about:support when windowless browsers are created.
                        • Updated
                        • Updated the interpretation of 2-digit years in date formats to match other browsers: 0-49 = 2000-2049, 50-99 = 1950-1999.
                        • Added q units to CSS (quarter of a millimeter).
                        • Added .origin property to blobs.
                        • Fixed several minor layout issues.
                        • Fixed disabled HTML elements not producing the proper JS events.
                        • Implemented web content handler blacklist according to the spec, allowing more than feeds to be registered.
                        • Fixed a spec compliance issue with execCommand() on HTML elements.
                        • Fixed a problem with table borders being drawn uneven or being omitted when zooming the page.
                        • Added devtools "filter URLs" option in the network panel.
                        • Added visual sorting options to the Network inspector.
                        • Added importing of login data from Chrome profiles on Windows (Chrome has to be closed first).
                        • Added importing of tags from bookmark export files (HTML format).
                        • Updated usage of SourceMap headers with the updated spec (SourceMap header, keeping X-SourceMap as a fallback).
                        • Fixed several cases of wrongly-used negations in JS modules.
                        • Added the auxclick mouse event.
                        • Added a control to not autoplay video unless it is in view (media.block-play-until-visible).
                        • Updated the Graphite font library to 1.3.10.
                        • Updated how image and media elements respond to window size changes (responsive design).
                        • Added parsing and use of rotation meta data in video.
                        • Fixed several crashes in a number of modules.
                        • Fixed performance regression for scaling large vector images (e.g. MSIE Chalkboard test)
                        • Fixed some issues with notification icons.
                        • Fixed some internal errors with live bookmarks.
                        • Updated SQLite to 3.19.3.
                        • Fixed several reported issues with devtools (cli-cookies, cli help, copying cURL, inspecting SVGs, element size calculations, etc.)
                        • Fixed an issue where a server response was allowed to override add-ons' specified version ranges even for add-ons that have strict compatibility (e.g. themes, language packs).

                        Minimum system Requirements (Windows):
                        • Windows Vista/Windows 7/8/10/Server 2008 or later
                        • Windows Platform Update (Vista/7) strongly recommended
                        • A processor with SSE2 instruction support
                        • 256 MB of free RAM (512 MB or more recommended)
                        • At least 150 MB of free (uncompressed) disk space
                        Pale Moon includes both 32- and 64-bit versions for Windows, Pale Moon Portable, Pale Moon for Linux and Pale Moon for Android.

                          Update

                          To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.




                          Tuesday, July 11, 2017

                          Microsoft Security Updates for July, 2017




                          The July security release consists of security updates for the following software:
                          • Internet Explorer
                          • Microsoft Edge
                          • Microsoft Windows
                          • Microsoft Office and Microsoft Office Services and Web Apps
                          • .NET Framework
                          • Adobe Flash Player
                          • Microsoft Exchange Server


                          The updates address Remote Code Execution, Denial of Service, Information Disclosure and Elevation of Privilege vulnerabilities across 57 CVEs, of which 19 are Critical, 35 Important, and 3 Moderate in severity.

                          For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

                          For a complete list of the CVEs addressed in the July update, see The July 2017 Security Update Review by Dustin Childs.


                            Additional Update Notes

                            • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                            • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
                            • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.






                              Adobe Flash Player Security Update Released


                              Adobe has released Version 26.0.0.137 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

                              These updates address vulnerabilities that could lead to remote code execution, information disclosure and memory address disclosure.

                              Release date:  July 11, 2017
                              Vulnerability identifier: APSB17-21
                              CVE Numbers:   CVE-2017-3080, CVE-2017-3099, CVE-2017-3100
                              Platform: Windows, Macintosh, Linux and Chrome OS

                              Update:

                              *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                                Verify Installation

                                To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                                Do this for each browser installed on your computer.

                                To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.










                                Saturday, July 01, 2017

                                Windows Insider MVP!

                                What a great way to start the day!  🐱‍👤
                                "Congratulations! Thank you for your continued contributions to the Windows community, we are excited to re-award you as a Windows Insider MVP. This award is a token of our appreciation, your leadership and passion help make Windows the best yet. We look forward to our on-going collaboration with you and all of our Windows Insider MVPs as we continue to strengthen the Windows Insider MVP (WI MVP) Program."



                                Thursday, June 29, 2017

                                Mozilla Firefox Version 54.0.1 Released


                                Mozilla sent Firefox Version 54.0.1 to the release channel today.  Firefox ESR was updated to version 52.2.1.

                                The update includes a number of bug fixes.

                                The next scheduled release is August 8, 2017 (5 week cycle with release for critical fixes as needed).

                                Fixes:

                                To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                                Tuesday, June 13, 2017

                                Mozilla Firefox Version 54.0


                                Mozilla sent Firefox Version 54.0 to the release channel today.  Firefox ESR was updated to version 52. The update includes 1 (one) critical, 8 (eight) high and 1 (one) moderate security update.

                                The next scheduled release is August 8, 2017 (5 week cycle with release for critical fixes as needed).

                                New
                                • Added Burmese (my) locale
                                • Added support for multiple content processes (e10s-multi)
                                • Simplified the download button and download status panel

                                Changed
                                • Moved the mobile bookmarks folder to the main bookmarks menu for easier access
                                Update:

                                To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.


                                Microsoft Security Updates for June, 2017



                                The June Microsoft updates address vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Silverlight, Skype for Business and Lync and Adobe Flash Player for Windows 8.1 and above.  Addressed in the updates are Remote Code Execution and Elevation of Privilege.  

                                Known Issues
                                4022717
                                4022726
                                4022715


                                For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Information about the update for Windows 10 is available at Windows 10 Update history.

                                To have a better understanding about the updates released today, see the Zero Day Initiative — The June 2017 Security Update Review by Dustin Childs.

                                  Additional Update Notes

                                  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
                                  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
                                  • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.






                                    Adobe Critical Shockwave Player Update

                                    Adobe has released a critical security update for Adobe Shockwave Player that addresses a memory corruption vulnerability that could potentially lead to remote code execution.

                                    Although I have yet to need Shockwave Player on this computer, there are still many people who use it.  If you have Shockwave Player installed, please update to the latest version.

                                    Release date: June 13, 2017
                                    Vulnerability identifier: APSB17-18

                                    CVE number: CVE-2017-3086
                                    Platform: Windows

                                    The newest version 12.2.9.199 is available here: http://get.adobe.com/shockwave/.  As usual, watch for any pre-checked add-ons not needed for the update.


                                    Adobe Flash Player Critical Security Update


                                    Adobe has released Version 26.0.0.126 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

                                    These updates address critical vulnerabilities including a use-after-free vulnerability that could lead to code execution and memory corruption vulnerabilities that could lead to remote code execution.

                                    Release date:  June 13, 2017
                                    Vulnerability identifier: APSB17-17
                                    CVE Numbers:   CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082
                                    Platform: Windows, Macintosh, Linux and Chrome OS

                                    Update:

                                    *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

                                      Verify Installation

                                      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

                                      Do this for each browser installed on your computer.

                                      To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.
