Category Archives: Patches and updates

Adobe, Chrome, Edge, Flash, Internet Explorer, Patches and updates, Security, Windows

Flash update fixes 13 vulnerabilities

Leave a comment

A new version of Flash, released yesterday, addresses at least thirteen vulnerabilities in previous versions.

According to the security bulletin for Flash 24.0.0.221, the new version fixes “critical vulnerabilities that could potentially allow an attacker to take control of the affected system.”

The release notes for Flash 24.0.0.221 describe some new features that are likely only of interest to developers.

As usual, Internet Explorer and Edge will get new versions of their embedded Flash via Windows Update, while Chrome’s embedded Flash will be updated automatically.

Anyone who still uses a web browser with Flash enabled should update it as soon as possible.

Patches and updates, Security, Vivaldi

Vivaldi 1.7

Leave a comment

Apparently the people who develop Vivaldi believe that adding a screen capture feature to the browser is a good use of their time. Perhaps if you don’t use any other web browsers, and you only ever need to capture screenshots of web sites, and never of anything outside the browser, this would be a useful feature. The rest of us will use the much more powerful features of general-purpose screen capture tools like ShareX.

Aside from the arguably pointless addition of screen capture, Vivaldi 1.7 further improves audio handling, and includes tweaks for domain expansion in the address bar. More importantly, Vivaldi now warns users when they navigate to a non-encrypted page that prompts for a password.

You can see the complete list of changes for Vivaldi 1.7 in the official release announcement.

Opera, Patches and updates

Opera 43

Leave a comment

The folks who develop the alternative web browser Opera are working on improving page loading time, and if their own benchmarks are any indication, those efforts have paid off.

Opera 43 shows significant speed gains over Opera 42, due mainly to the introduction of two new technologies: ‘instant page loading’, which predicts the site you’re looking for as you’re typing in the address bar, and PGO, which optimizes the browser code to make it run faster when it’s most important.

The new version also includes improvements to URL highlighting/selecting. Previously, there was no way to highlight linked text. With Opera 43, highlighting linked text works as expected if you use a horizontal motion, and if you use a vertical motion, the entire link is copied, as before.

There are loads of other changes in Opera 43, as you can see from the lengthy change log. However, none of the changes seem to be related to security vulnerabilities.

Patches and updates, Security, WordPress and other CMS

WordPress 4.7.2 – security update

Leave a comment

Most WordPress sites are configured to automatically update themselves when a new version becomes available. Still, anyone who manages any WordPress sites should make sure they are up to date with version 4.7.2, released yesterday.

WordPress 4.7.2 addresses three serious security vulnerabilities. You can find all the details in the release announcement.

Update 2017Feb02: Apparently WordPress 4.7.2 included a fix for a fourth security vulnerability, which wasn’t announced until February 2. The vulnerability is so severe that the WordPress developers didn’t want to risk anyone knowing about it until the majority of WordPress sites were updated.

Firefox, Mozilla, Patches and updates

Firefox 51.0.1

Leave a comment

There were a couple of problems with Firefox 51 that prompted Mozilla to push out another new version yesterday. Firefox 51.0.1 resolves the two problems, one of which was related to the new multiprocess features.

Firefox itself seems to take a few days to notice new versions. Click the ‘hamburger’ menu button at the top right, then click the question mark icon, then click ‘About Firefox’ to see the version you’re running. In my experience, Firefox will usually say ‘Firefox is up to date’ until a couple of days after a new release becomes available. This is potentially confusing, but Mozilla doesn’t seem to understand that.

If you don’t want to wait for Firefox to notice the new version, you’ll have to download it directly from Mozilla.

Chrome, Google, Patches and updates, Security

Chrome 56.0.2924.76

1 Comment

Chrome version 56.0.2924.76 includes fixes for fifty-one security vulnerabilities. But wait, that’s not all. If you want to see what happens when your web browser loads a really big web page, navigate to the change log for Chrome 56.0.2924.76. It’s a behemoth, documenting over ten thousand separate changes.

One change in particular deserves mention: starting with this version, Chrome will show ‘Secure’ at the left end of the address bar if a site is encrypted. When Chrome navigates to a web page that isn’t encrypted, but does include a password prompt, it will show ‘Not Secure’ in the address bar.

Chrome seems to update itself reliably, soon after a new version is released. Still, given the number of security fixes in this release, it’s not a bad idea to check.

Opera, Patches and updates

Opera 42.0.2393.351 and 42.0.2393.517

Leave a comment

Opera 42.0.2393.351 fixes a handful of bugs, several related to the 64-bit version of the browser. See the change log for details.

Opera 42.0.2393.517 fixes four more issues, some of which first appeared in 42.0.2393.351. See the change log for details.

None of the changes in either new version seem to be related to security. Opera will usually update itself shortly after a new version becomes available.

Firefox, Mozilla, Patches and updates, Security

Firefox 51 fixes 24 security issues

Leave a comment

The latest version of Firefox addresses at least twenty-four security vulnerabilities and changes the way non-encrypted sites appear in the address bar.

As usual, there’s nothing like a proper announcement for Firefox 51. What we get from Mozilla instead is a blog post that discusses some new features in Firefox, and mentions the new version number almost accidentally in the third paragraph. Once again, CERT does a better job of announcing the new version than Mozilla.

Starting with version 51, Firefox will flag sites that are not secured with HTTPS if they prompt for user passwords. Secure sites will show a green lock at the left end of the address bar as before, but sites that are not secure will show a grey lock with a red line through it. Previously, non-encrypted sites showed no lock icon at all. The idea is to draw the user’s attention to the fact that they are browsing without the security of encryption, which is risky when sensitive information (passwords, credit card numbers) is entered by the user.