The latest version of Firefox fixes at least thirteen security vulnerabilities. The release notes for Firefox 50.1 don’t provide much detail, but the related security vulnerabilities page at least lists the issues.
It almost goes without saying that there was no proper announcement from Mozilla for this new version, despite the fact that it includes fixes for critical security issues.
A new major release of Opera includes some potentially useful features. The release notes for Opera 42.0.2393.85 provide the details:
Opera remains a solid alternative to the big three browsers (Internet Explorer, Firefox, and Chrome), although it still doesn’t have a proper bookmark sidebar.
Details are sketchy, but apparently a recent Windows 10 update caused major problems for some users. Affected users were suddenly unable to access the Internet. December’s Patch Tuesday (earlier this week) included an update that addresses this problem.
This issue once again raises the question of whether Microsoft can be trusted not to push flawed Windows updates, especially now that updates are essentially mandatory and unavoidable.
Update 2016Dec16: Many of the Knowledge Base pages on the Microsoft support site now include this message at the top: “If you are experiencing issues connecting to the internet we recommend you restart your PC by going to Start, clicking the Power button, then choosing Restart (not Shut down).” No further explanation is provided.
For 2016’s final set of updates, Microsoft has issued twelve bulletins, with associated patches, affecting the usual software, namely Windows, Internet Explorer, Edge, Office, and the .NET Framework. Forty-seven vulnerabilities in all are addressed by these updates.
Adobe issued updates for several of its products today, but the only one likely to be of interest to most people is, of course, Flash. And I mean ‘interest’ in the sense of “I am very interested in not having my computer infected with malware because I visited a malicious web site while running an out-of-date version of Flash.” The new version of Flash on all platforms is 24.0.0.186. It addresses seventeen vulnerabilities in the still-ubiquitous player. As usual, Flash in Internet Explorer and Chrome will be updated automatically.
There’s not much to talk about in Chrome 55.0.2883.87. The change log lists about thirteen actual changes, but none of those are related to security and they’re all relatively minor.
Earlier this week a minor update was released for Vivaldi. A new update mechanism was used (for the first time) to distribute this version to existing Vivaldi clients; according to the release notes for version 1.5.658.56, this reduced the size of the download to 323 kilobytes. The full download for Vivaldi 1.5.658.56 is 38.5 megabytes.
The update itself includes a few minor bug fixes, none related to security.
A new version of Chrome fixes at least thirty-six security issues in the browser. Aside from listing the vulnerabilities addressed, the release announcement says only that Chrome 55.0.2883.75 “contains a number of fixes and improvements”. You’ll have to read the change log to figure out what else is different. Sadly, the full change log is another one of those browser-killing monstrosities, with almost 10,000 changes listed. Don’t click that link if you have an older computer.
If you’re a Firefox user, you might want to think about using a different browser for the next day or so. Researchers have discovered a critical vulnerability that has yet to be patched. Mozilla is working on a fix but there’s no word on when it will be available.
Update 2016Nov30: Mozilla just released Firefox 50.0.2, which includes a fix for this vulnerability. Mozilla posted about this as well.
There’s a critical security vulnerability in Firefox 49 and 50, and Mozilla just released Firefox 50.0.1 to address it. Which is great, except for one thing: the total lack of anything resembling an announcement.
Yes, Firefox can be configured to update itself or alert you when an update is available, but that setting can also be disabled completely. Worse, it can take days for Firefox’s internal update checker to detect that there’s a new version.
I discovered the new version by way of a post on the US-CERT site.
Version 41.0.2353.69 of Opera upgrades the browser’s Chromium engine, and fixes one ‘nasty’ crashing problem involving dragged bookmarks (change log).
boot13