Category Archives: Security

aka infosec

Firefox, Mozilla, Patches and updates, Security

Firefox 66.0 and 66.0.1

Leave a comment

The latest major release of Firefox is version 66, which was announced on March 19th. The new version includes some welcome improvements and twenty-one security fixes.

What’s new in Firefox 66?

  • Audio is now prevented from playing by default. You can override this behaviour with a global setting, or add specific web sites to an exclusion list.
  • When you have a lot of tabs open, Firefox now shows a down-arrow button at the end of the tab bar. Clicking this button shows a list of all open tabs, and provides a special search function, allowing you to search your open tabs.
  • Scroll Anchoring tries to keep your content in place even as advertising and other images try to push what you’re reading off the page.
  • Extensions get a slight speed boost.
  • It’s now a bit easier to configure keyboard shortcuts for extensions.
  • HTTPS certificate error pages are easier to understand.
  • Additional performance and stability improvements, especially during page loading.
  • AV1 video support was added to the 32-bit version of Firefox.

Firefox 66.0.1 addresses two security issues in earlier versions, and was released on March 22nd.

You can check which version you’re running by clicking Firefox’s ‘hamburger’ menu, and navigating to Help > About Firefox. If you’re not yet up to date, you should see an Update button that allows you to install the latest version.

Chrome, Google, Patches and updates, Security

Chrome 73.0.3683.75

Leave a comment

The release announcement for Chrome 73.0.3683.75 links to a list of sixty security issues which are fixed in the new version.

Many of the vulnerabilities addressed in Chrome 73.0.3683.75 were discovered by external security researchers, once again demonstrating the value of Google’s open attitude towards bug submissions.

Although Chrome usually updates itself within a few days of a new release, you can expedite this process by checking for available updates. Do that by navigating Chrome’s three-dot menu (by default at the top right), to Help > About Google Chrome. This will trigger an update, if one is available.

Opera, Patches and updates, Security

Opera 58.0.3135.90

Leave a comment

A security update in the Chrome engine prompted last week’s release of Opera 58.0.3135.90. Opera is built on Google’s Chrome engine (also known as Blink), so when there’s a security update in Chrome, it usually finds its way into Opera within days.

Aside: The Blink engine forms the core of many popular browsers. I use Chrome, Vivaldi, Opera, Firefox, Internet Explorer and Edge for different tasks, based on my experience with those browsers. Opera, Vivaldi, and of course Chrome are built on the Blink engine. Internet Explorer is being phased out. Edge will soon be built using Blink instead of Microsoft’s own engine. The Blink engine seems poised to take over completely, which has some people concerned.

To check Opera’s version, click its ‘O’ menu (usually at the top left), then select Update & Recovery, then click Check for Update.

Edge, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for March, 2019

Leave a comment

According to Microsoft’s Security Update Guide, March’s updates, twenty-eight in all, include fixes for at least sixty-five security vulnerabilities in .NET, Flash Player (in IE and Edge), Internet Explorer, Edge, Office, Visual Studio, and Windows.

Even if you have automatic updates enabled on Windows 7 and 8 computers, it’s a good idea to check for and install the new updates. If you’re running Windows 10, auto-updates can’t be disabled, but you can still check for updates, and get them sooner that way.

There are no updates for Flash or Reader from Adobe so far in March.

Chrome, Google, Patches and updates, Security

Chrome 72.0.3626.121

Leave a comment

The latest Chrome browser release is version 72.0.3626.121, and it fixes a security vulnerability for which exploits have been observed ‘in the wild’. So this is an important update.

When I try to look at the full change log using the link provided by Google, I get a blank page. Not sure what’s going on there.

If you use Chrome, it’s almost certainly updating itself on Google’s somewhat mysterious schedule. But you can check your version and initiate an update by navigating its ‘three dot’ menu to Help > About Google Chrome.

Adobe, Patches and updates, Security

Acrobat Reader DC 2019.010.20098

Leave a comment

Adobe logoAdobe’s Acrobat/Reader line of PDF viewers was recently updated to address a single security issue.

Although there are several variations of Acrobat and Reader, the one of interest to most people is the freeware Acrobat Reader DC (Continuous). That’s the one you probably have installed on your computer. The new version for that variant is 2019.010.20098.

Recent versions of Reader seem to update themselves in the background, courtesy of an update service called ARM that gets installed along with Adobe products. You can check which version you’re running by navigating Reader’s menu to Help > About Adobe Acrobat Reader DC.

Mozilla, Patches and updates, Security, Thunderbird

Thunderbird 60.5.1

Leave a comment

Another set of security vulnerabilities was recently addressed by Mozilla with the release of Thunderbird 60.5.1. All four security issues are rated as having High impact, and are likely to affect Thunderbird’s confidentiality (leak private data), integrity (cause crashes), and/or availability (prevent normal operation).

To update Thunderbird, click its hamburger menu icon at the top right, then select Help > About Thunderbird to show your installed version. If a newer version is available, you should see a button offering to install it.

Adobe, Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for February 2019

Leave a comment

Analysis of Microsoft’s Security Update Guide for February 2019 reveals that there are sixty-one distinct updates and corresponding articles in Microsoft’s support knowledge base.

At least seventy-seven vulnerabilities in Windows, Office, .NET, Internet Explorer, Edge, and Visual Studio are addressed by the updates. Twenty of the updates are flagged as Critical. Included in the updates is a new version of Flash for Internet Explorer and Edge.

As always, the easiest way to update Microsoft software is to use Windows Update, found in the Control Panel or System settings of your version of Windows.

Adobe once again adds to the patching load with new versions of Flash and Reader. Flash 32.0.0.142 addresses a single security vulnerability in earlier versions. The easiest way to check your Flash version and grab an update is to visit the Flash Help page.

Adobe Reader DC 2019.010.20091 includes fixes for at least seventy security bugs in earlier versions. Newer versions of Reader support auto-updates, but you can check for new versions by running Reader, and selecting Help > Check for Updates from its menu. If there’s a new version available, you’ll be prompted to install it.

Chrome, Google, Patches and updates, Security

Chrome 72.0.3626.96

Leave a comment

A single security fix prompted the release of Chrome 72.0.3626.96 last week. The full change log for this release lists forty-one changes in all, but most of them are not significant.

Chrome usually updates itself, but on its own mysterious schedule. So if you want to make sure you’re up to date, navigate its menu to Help > About Google Chrome to see the version you’re running and install any available updates.