Mozilla released a new version of Firefox today. Version 19.0.2 fixes one security vulnerability.
As usual, the release notes and complete list of changes for this release are a mixture of old and new information, making the job of figuring out what has actually changed needlessly difficult.
Yesterday, Google announced a new version of its web browser, Chrome. The new version fixes one security vulnerability.
And just like that, another new version of Java. Version 7 update 17 (what happened to update 16?) includes fixes for some serious security vulnerabilities, as outlined in the associated security alert.
You’ll forgive me for not trusting Oracle’s word on whether any particular vulnerability has truly been fixed. I’ll defer to Adam Gowdiak and other security researchers for the final judgment. Certainly 7u17 is the latest version of Java, and it presumably fixes some of the holes in 7u15, so anyone using Java – especially in their browser – should install it ASAP. But I’m going to leave Java 7u17 flagged as possibly vulnerable.
Another new version of Google’s web browser was announced today. Version 25.0.1364.152 includes fixes for several security vulnerabilities.
Since Flash isn’t mentioned in the release notes, presumably the version of Flash included in the new version is still 11.6.602.171. Let’s see… okay, I just updated Chrome to 25.0.1364.152, and the integrated Flash is definitely still 11.6.602.171.
On February 26, Adobe announced version 11.6.602.171 of the Flash player. As usual, Adobe says: “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.” The technical details are available in Adobe Security Bulletin APSB13-08.
Microsoft simultaneously announced a Flash update for Internet Explorer 10 on Windows 8, which will be delivered via Windows Update.
Google will no doubt release a new version of Chrome that includes the Flash updates in the next day or so.
Anyone who uses Flash in their web browser should install the appropriate update as soon as possible. That includes anyone who uses Youtube. So basically just about everyone.
Version 25.0.1364.97 of Google’s Chrome web browser was announced yesterday.
The new version includes several security and other bug fixes, as well as some new features for web developers and voice recognition.
No mention of Java is made in the announcement linked above, but presumably the most recent Java security fixes found their way into this Chrome release.
Starting with this version, Chrome extension updates are no longer installed ‘silently’. This is a welcome improvement in security.
As expected, Adobe has announced updates for its Reader and Acrobat software to address recently-revealed security vulnerabilities. The full technical details are available in the related security bulletin.
Oracle/Sun has released Java version 7, update 15. What happened to update 14? Anyway, the new version includes a batch of security and other bugfixes they wanted to release with the last batch, and which were originally scheduled for release today. Confused yet?
Since the new version is all about fixing the rather horrible Java security vulnerabilities that have been revealed in recent weeks, you should go ahead and install the update, if you use Java. If you don’t use it, pat yourself on the back and count yourself lucky.
If you read the announcement linked above, you’ll notice that once again, determining the version being discussed is left as an exercise for the reader, since the version (7u15) is not mentioned anywhere on the page. There are plenty of references to the versions being replaced, which only adds to the confusion. Annoying.
Firefox 19 was released today, with the usual lack of a proper announcement, and a confusing jumble of change information from Mozilla.
Instead of a proper announcement for the new version, all we get is this post announcing a new, built-in PDF viewer.
As usual, the release notes for version 19 are confusing, but at least the new version is mentioned, albeit in an unusual congratulatory note to ‘new Mozillians’ – whatever they are. And, as always, the complete list of changes for version 19 actually includes every bugfix in recent history. When are they going to clean this stuff up, one wonders.
Still, a built-in PDF viewer will allow users to steer clear of at least one buggy piece of Adobe software in the form of a Reader plugin. It remains to be seen whether the new viewer has as many security issues as what it’s replacing.
If you’re running Windows 7, and you haven’t already installed Service Pack 1, you should do so before April 9, 2013. After that date, Microsoft will no longer provide patches for Windows 7 without SP1. That includes security patches.
Microsoft will continue to supply patches for Windows 7 with SP1 until January 14, 2020.
The details are laid out in a related post on Microsoft’s Springboard blog.
boot13