On May 9, a new version of Firefox was released by Mozilla. Since version 29.0.1 is considered a minor (‘dot’) release, there was no formal announcement.
The release notes provide some clues as to the changes in 29.0.1. A few minor bugs were fixed, but none of them appear to be security-related. The colour of unselected tabs was changed to make them more visible than they are in Firefox 29.
Adobe has issued a pre-notification of updates for Acrobat and Reader software that are expected to be made available on May 13.
The updates address critical security vulnerabilities in Reader and Acrobat.
Next Tuesday we’ll find out whether Microsoft is going to stick to its original plan and stop providing Windows XP security updates to us ordinary folks.
According to the Advance Notification post on the MSRC blog, this month’s updates will include eight bulletins, with two of those being Critical. The updates affect the usual suspects, including Windows, Office, Internet Explorer and .NET.
The more technical Advance Notification security bulletin on the TechNet Security Tech Center blog definitely does not list Windows XP anywhere.
Version 3.9.1 of WordPress was announced yesterday.
The new version consists of fixes for several minor bugs. None of the changes are related to security.
WordPress sites will update to the new version automatically, unless the Auto Update feature is disabled.
Security researchers recently discovered a flaw in DropBox that could allow access to users’ private documents in certain circumstances. DropBox responded quickly to fix the vulnerability. It’s not clear whether the vulnerability was known to – or exploited by – any nefarious persons.
If you use DropBox, you should review your Shared Links settings and restrict shared links to collaborators only.
This month’s Ouch! newsletter (PDF) provides some basic guidelines for determining whether your computer has been hacked. There’s also some help for dealing with hacks. Note that this information is aimed at regular users, so if you’re an IT professional, it’s unlikely to be useful.
And now, just because it’s really cool, here’s live video of the Earth from space…
The latest Webkit-based Opera is version 21.0.1432.57. There’s nothing much of interest in this new version, with the major change being the use of ‘Aura’, an improved desktop window manager that’s also part of the toolkit used by Google for its Chromium O/S and Chrome web browser.
There’s still no sidebar, which makes one wonder whether Opera will ever recover its former full-featured glory. The developers keep insisting that they will add missing features back to the browser, but if they’re pushing out major releases with nothing changed except a slightly faster user interface, it seems they are concentrating on the wrong things.
There are apparently no security fixes in this version.
Ars Technica’s monthly look at browser and O/S usage concludes by predicting that at the current rate of change, Windows XP use will remain significant for another two years.
We recently reported on a serious vulnerability affecting all versions of Internet Explorer that is being exploited on the web.
Well, it appears that Microsoft sees this vulnerability as very serious, because they are planning to release an update – later today – that addresses the problem. This is an ‘out-of-band’ update, meaning that it’s considered too important to wait for the next Patch Tuesday.
Just in case you were wondering, this vulnerability affects all versions of Internet Explorer on all versions of Windows, including Windows XP. But the patch will not be made available for Windows XP computers.
Update 2014May02: Surprisingly, Microsoft has decided to make this update available for Windows XP. I confirmed this by running Microsoft Update on my WinXP test system: security update 2964358 was offered, and I installed it without any difficulties. Reading through the associated bulletin (MS14-021) there is no explanation for this decision, but there is confirmation, in the section titled “Security Update Deployment
– Windows XP (all editions)”, and in a related post on the MSRC blog. The Verge has additional details, as does Ars Technica. The Ars Technica post includes the official explanation from Microsoft:
Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded) today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.
Update 2014May02: Another Ars Technica post makes the argument that releasing a patch for Windows XP was a mistake. The moment of truth will be Patch Tuesday for May 2014: will Microsoft stick to its guns and leave Windows XP out of the next set of patches?
boot13