Firefox 16.0 pulled due to vulnerability

Update 2012Oct12: Version 16.0.1 of Firefox has just been released. The new version fixes the vulnerability that caused version 16.0 to be pulled from the Firefox download site yesterday. All users are encouraged to upgrade to 16.0.1 as soon as possible.

Firefox 16.0 has been removed from the Mozilla web site due to a new vulnerability. Users who have already upgraded to the new version should either downgrade to version 15.0.1 or exercise extreme caution before visiting any unfamiliar or suspicious web site. The new vulnerability makes it possible for web sites to access information that is normally protected by the browser.

Update 2012Oct12: No exploits using this vulnerability have yet been seen in the wild, but a proof of concept has been published. The POC demonstrates the vulnerability with a few lines of Javascript code that could be embedded on a web site. Now that this POC has been made public, it’s reasonable to assume that similar code will start appearing on hacked and malicious web sites in the very near future.

Microsoft releases patches for Windows 8

Despite the fact that Windows 8 has not yet started appearing on store shelves, Microsoft is releasing a set of updates for the new operating system. Since Windows 8’s RTM (release to manufacturing), several new issues have been discovered, and the updates are intended to address those issues.

Anyone testing or evaluating Windows 8 should install the updates, which are available through Microsoft Update.

Anyone buying a new computer with Windows 8 installed on it should check for and install any pending updates immediately after powering up the computer for the first time. Anyone installing Windows 8 after it is released to retail should also immediately check for and install any pending updates.

More security fixes for Adobe Flash

Released yesterday, version 11.4.402.287 addresses security, performance and stability issues in the previous versions of Flash. Users are encouraged to install the new Flash as soon as possible.

Note that at the time of this post, the Flash Player Update Announcement on Adobe’s site shows the wrong version in the first paragraph. It should show the new version as 11.4.402.287 but instead shows it as 11.4.402.278.

Updates for Internet Explorer 10 and Google Chrome, containing associated fixes for Adobe Flash, were also released yesterday.

October 2012 Patch Tuesday Advance Notice

Another month, another batch of updates from Microsoft. On October 9, starting at about 10 am PDT, Microsoft will release patches that address a total of twenty vulnerabilities in Windows and Office. Seven security bulletins will cover the defects being patched, one of which is a critical vulnerability in Word.

Also included in the upcoming updates will be Microsoft Security Advisory (2661254): Update For Minimum Certificate Key Length. This update is the final step in a series of actions taken by Microsoft to improve Internet-based security for its products. This update will force RSA-encrypted communications in Internet Explorer and Outlook to use keys that are 1024 bits in length or greater. If you access secure web sites with Internet Explorer or use encrypted email with Outlook, this update may cause those services to stop working. For further details, see:

News for me, stuff that matters… to me. Windows, Linux, security, tools & miscellany.