Category Archives: Patches and updates

Firefox, Mozilla, Patches and updates, Privacy

Firefox 56.0 released

Leave a comment

It’s a major new version number, but there’s not much to get excited about in Firefox 56.0, unless the ability to take screenshots in your browser was on your wish list.

Also new in Firefox 56.0 is the Send Tabs feature, which allows you to send web page links to your other devices. Right click on any web page and select Send Page To Device to try it. I suppose it’s easier than sending yourself email.

Starting with version 56.0, Firefox’s web form autofill feature can fill in address fields. I didn’t even know this was missing in previous versions. In any case, this feature is currently only available for users in the USA; it will be made available in other countries in the coming weeks.

Firefox’s preferences (Options) pages have been reorganized and cleaned up significantly. There’s now a search box on the Options page, which should make finding that elusive setting a bit easier. The explanatory text associated with many options has been improved for clarity. The privacy options and data collection choices have been reworked so they are better aligned with the updated Privacy Notice and data collection strategy.

Finally, media on background tabs will no longer play automatically; it will only start playing once the associated tab is selected.

The release notes for Firefox 56.0 have additional details.

Chrome, Google, Patches and updates, Security

Chrome 61.0.3163.100

Leave a comment

There are exactly fifty-seven items in the change log for Chrome 61.0.3163.100. Some of those changes are version increments and other housekeeping; about forty are actual changes to functionality. Most of those changes are fixes for minor issues. Three of the fixes are for security issues.

If you’ve stopped trying to prevent Chrome from updating itself, it will no doubt proceed with this update automatically. But since the new version includes security fixes, it’s a good idea to make sure. Click the main menu button (three vertical dots at the top right of Chrome’s window), then Help > About Google Chrome.

Patches and updates, Vivaldi

Vivaldi 1.12: bug fixes and some useful improvements

Leave a comment

In response to frequent requests from users, the folks who make Vivaldi have finally added an Image Properties feature to the browser. Right-click an image on a web page and select ‘Image Properties’ to display a dialog showing the image’s URL, dimensions, binary size, and more.

Download management is somewhat easier in Vivaldi 1.12: the list of downloaded files can now be sorted by type, name, size, date added, date finished, and address. There’s a new panel at the bottom of the download sidebar that shows the details for a selected download.

Vivaldi’s Accent Color feature changes the browser’s colour scheme to match the web site currently being viewed. I personally find this kind of thing distracting, but there’s no accounting for taste. If you use this feature, you’ll be happy to know that Vivaldi now has a setting that determines the intensity of the accent color effect.

Vivaldi 1.12 includes fixes for about fifty bugs from earlier versions. None of the changes appear to be related to security. You can see all the details in the release announcement.

Malware, Patches and updates, Security, Things that are bad, Windows

CCleaner malware incident

Leave a comment

A recent version of the popular Windows cleanup tool CCleaner contains malware, apparently added by malicious persons who gained access to a server used by the software developer, Piriform.

The malware was found only in the 32-bit version of CCleaner 5.33.6162. No other versions were affected.

Piriform reacted quickly to the discovery, and yesterday released a new version: CCleaner 5.34.

If you have CCleaner installed on any Windows computers, you should make sure you’re running version 5.34, and if not, install it as soon as possible.

Update 2017Sep23: The server that was breached is actually managed by Avast, which purchased CCleaner software developer Piriform in July.

Ongoing analysis of the hack revealed that this may have been a state-sponsored attack, and that it specifically targeted high profile technology companies. Apparently the malware in the compromised version of CCleaner contained a second payload that was only installed on about twenty computers at eight tech companies.

Adobe, Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for September 2017

Leave a comment

This month’s updates from Microsoft include a patch for a nasty zero-day vulnerability in the .NET framework.

The announcement for this batch of updates is of course just a link to the Security Update Guide, where it’s up to the user to wade through piles of information and determine what’s relevant.

Here’s what I’ve been able to glean from my explorations: there are ninety-four updates, affecting Internet Explorer, Edge, Windows, Office, Adobe Flash Player, Skype, and the .NET Framework. A total of eighty-five vulnerabilities are addressed, twenty-nine of which are flagged as Critical.

As you may have guessed, this month we also have yet another new version of Flash. Microsoft included the new version in updates for Edge and Internet Explorer, and Chrome will get the new version via its internal auto-updater. Desktop Flash users should visit the main Flash page to get the new version. Flash 27.0.0.130 addresses two critical vulnerabilities in previous versions.

Chrome, Google, Patches and updates, Security

Chrome 61.0.3163.79 includes 22 security fixes

Leave a comment

The change log for Chrome 61.0.3163.79 is another browser-challenging page, this one having over 10,000 entries. Google didn’t bother to highlight any of the changes, aside from the twenty-two security issues addressed in the new version.

Unless you’ve gone out of your way to disable the various auto-update mechanisms Google installs alongside its software, Chrome should update itself within a day or so of the new version becoming available. If not, you can usually trigger an update by visiting Chrome’s About page: click the three-dot menu button, then select Help > About Google Chrome.

Adobe, Patches and updates, Security

Adobe Reader update fixes 67 vulnerabilities

Leave a comment

AdobeAdobe normally releases patched versions of its main products on the second Tuesday of each month, to coincide with Microsoft’s update schedule. Occasionally they will depart from this schedule, as they have with the new versions of Reader/Acrobat announced on August 29.

The new versions of Reader and Acrobat address sixty-seven vulnerabilities, many of which were discovered by security researchers outside Adobe. All of the vulnerabilities involve either information disclosure or remote code execution.

Anyone who uses Adobe Reader or Acrobat is advised to install the new versions as soon as possible. You can do that by visiting the Acrobat Reader Download Center.

Patches and updates, Vivaldi

Vivaldi 1.11

Leave a comment

The latest version of Vivaldi includes numerous bug fixes, as well as useful improvements to Reader Mode, and a setting for disabling animated GIFs. It also sports a new icon.

None of the bug fixes in Vivaldi 1.11 are related to security, so this isn’t a particularly urgent update. To update Vivaldi, click its menu icon, then Help > Check for updates...

Firefox, Mozilla, Patches and updates, Security

Firefox 55

Leave a comment

Besides fixing twenty-nine security vulnerabilities, Firefox 55 adds support for the virtual reality technology WebVR, some new performance-related settings, and improvements to address bar functionality. The sidebar can now be on the right side of the browser, instead of only on the left. The Print Preview function now includes options for simplifying what’s printed. Starting Firefox with multiple tabs is now much faster. The Flash plugin is now ‘click to activate’ and only works with regular web and secure web URLs.

The default installation process has been modified, to simplify and ‘streamline’ installation for most users. Traditional, full installers are still available. The somewhat-less-likely-to-crash 64-bit version of Firefox is now installed by default on 64-bit systems with at least 2 GB of RAM.

Mozilla steadfastly refuses to mention version numbers in Firefox release announcements (including the one for Firefox 55), or to announce all new versions. Their rationale seems to be that the information exists somewhere, therefore they have done their job. Combined with the unpredictability of Firefox’s internal update mechanism, this is an ongoing frustration for some users (possibly only me).

On that subject, I’m still waiting for my installation of Firefox to notice that a new version is available. Firefox 55 includes changes to the browser’s built-in update process, but it’s not clear whether those changes will actually improve things. From the release notes: “Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.

Update 2017Aug13: According to denizens of Mozilla’s official #firefox IRC channel, the Firefox update servers have been disabled because of some problems with Firefox 55. Of course, Firefox will continue to tell you that “Firefox is up to date”, which can mean several different things. There’s no word on when the update servers will be back online, or what the problems are, but a search of the bug list for Firefox shows a likely candidate: Tabs are all restored as blank frequently after restart of [sic] applying Firefox 55 update. Apparently after upgrading to Firefox 55, some users are having problem restoring tabs, and in some cases, profile information is lost. Recommendation: don’t jump the gun and install Firefox 55 manually. Wait for the next version, which will likely be 55.0.1 or 55.0.2.

Update 2017Aug15: A new post on the Mozilla blog (64-bit Firefox is the new default on 64-bit Windows) confirms that 64-bit Firefox is now the default for 64-bit Windows systems, and that the 64-bit version is much more stable than its 32-bit equivalent. It goes on to say that to get the 64-bit version, you can either download and install it manually, or “You can wait. We intend to migrate the remaining 64-bit Windows users to a 64-bit version of Firefox with a future release.” No word on just how long we’ll have to wait.

Update 2017Aug17: Today, my install of Firefox started showing 55.0.2 as the latest version on its Help > About dialog. I went ahead and let it update itself, and now I’m running the 32 bit version of 55.0.2. According to the release notes, Firefox 55.0.1 fixes the bug in the tab restoration process that was introduced in 55.0. Firefox 55.0.2 fixes a problem with profiles that was introduced in 55.0.

Adobe, Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for August 2017

Leave a comment

It’s once again time for the monthly headache otherwise known as Patch Tuesday.

As you’re no doubt aware from my previous whining, Microsoft no longer publishes a bulletin for each update, and finding useful information in the Security Update Guide is awkward at best. It feels like Microsoft is trying to get everyone to just give up and enable auto-update. Of course with Windows 10 you no longer have a choice: you get updates when Microsoft wants you to have them. Which is one of the reasons I don’t use that particular O/S.

From my analysis of the Security Update Guide‘s entries for August 2017, it appears that we have thirty-nine updates, addressing fifty-three vulnerabilities in Internet Explorer, Edge, Windows, SharePoint, Adobe Flash Player, and SQL Server. Eighteen of the updates are flagged as Critical. Time to fire up Windows Update on all your Windows 8.1 and Windows 7 computers.

Adobe released updates for Flash and Reader today. The Reader update (Reader DC/Continuous: 2017.012.20093; Reader 2017: 2017.011.30059; Reader DC/Classic: 2015.006.30352) addresses sixty-seven vulnerabilities. The Flash update (version 26.0.0.151) addresses two vulnerabilities. Anyone still using Flash or Reader, especially as web browser plugins, should install the new versions as soon as possible.