Firefox, Patches and updates, Security

Firefox 44.0 released

Leave a comment

With traditional (aka standard, normal, common, sensible) software version numbering, moving from version 43 to version 44 would normally signal big changes and (hopefully) improvements. This is no longer the case with Mozilla’s version numbering scheme for Firefox.

Case in point is Firefox 44.0, made available by Mozilla on January 26. According to the release notes, there are no major new features. A few bugs were fixed, including about twelve security issues. Many of the changes are related to encryption and video handling. Several improvements to the developer tools also made it into this release.

In other words, there’s really nothing in this release that makes it worthy of a major new version number (44). How is Mozilla making these decisions? Your guess is as good as mine.

Meanwhile, of course – and despite assurances from Mozilla – this release, somehow worthy of a major new version number, was not even announced by Mozilla. At least not anywhere I looked. I discoverd the new version because of (yet again) a post on the US-CERT site.

Chrome, Google, Patches and updates

Chrome 48.0.2564.97 released

Leave a comment

There don’t seem to be any security fixes in the latest version of the Chrome browser, 48.0.2564.97.

The announcement doesn’t include any details to speak of. The full change log lists sixty-eight changes, most of which are minor bug fixes. A few of the changes are related to stability and performance.

There’s also a related post on the Chrome blog. Most of that post is about new features related to mobile users, so it may not be of much interest.

On most computers, Chrome will silently update itself to the new version.

Java, Patches and updates, Security

Java 8 Update 71 released

Leave a comment

Oracle seems to be jealous of Microsoft’s ability to confuse the heck out of users. Of late, Java releases seem to come in two distinct versions, with the later version being typically unavailable to most users.

The latest update is a good example: the release announcement talks about Java 8u71 and 8u72, and says that 8u71 contains security fixes. It goes on to say that 8u72 contains the same bug fixes plus ‘additional features’.

If you use the Windows Java Control Panel to update Java on your computer, you’ll end up with Java 8u71. If you go to the main Java download page and choose one of the versions for Windows, again you’ll end up with 8u71. So what’s 8u72 for?

The release notes page for Java 8u71 describes a few non-security bug fixes. Oracle’s Critical Patch Update Advisory for January 2016 shows about eight security vulnerabilities that are addressed in Java 8u71. So if you use Java, you should install 8u71 as soon as possible.

Adobe, Chrome, Edge, Firefox, Flash, Internet Explorer, Patches and updates, Security

More Flash updates

Leave a comment

The latest version of Flash is 20.0.0.286, for most browsers. Microsoft Edge and Internet Explorer on newer versions of Windows are apparently still stuck at Flash 20.0.0.272.

Sadly, the information on the Adobe site related to these updates is inconsistent, confusing, or just missing.

The About Flash page doesn’t seem to agree with the announcement page. The former shows “Internet Explorer (embedded – Windows 8.x) – ActiveX 20.0.0.286”, while the latter shows “Flash Player 20 for Internet Explorer on Windows 8.1: 20.0.0.272”.

The Flash runtime announcement says “Security update details can be found here: Security Bulletin (APSB16-01)”. But the APSB16-01 bulletin is for the previous Flash updates. The linked URL is also wrong; it points to an even older bulletin: APSB15-32. And to top it off, the security bulletin that should exist (APSB16-02) for this update currently generates an error.

Hopefully Adobe will fix this mess ASAP.

Meanwhile, although the announcement doesn’t mention any security fixes in the new versions, it’s safe to assume they exist, so you should update Flash in any browser where it’s enabled.

As usual, Internet Explorer on new versions of Windows will receive these updates via Windows Update, and Chrome will get its new Flash automatically.

Update 2016Feb02: I reported the announcement and bulletin problems (noted above) to the author of the announcement. He replied that the About page would be fixed, and that he had fixed the link to the bulletin on the announcement page. Unfortunately, that link now goes to the bulletin for the previous Flash release. The author claims that bulletin still applies, but it really doesn’t, since it recommends the previous version of Flash.

Update 2016Feb04: According to the author of the announcement, there were effectively no changes in this Flash update. Certainly there were no security fixes. A link to the previous security bulletin was included simply because it was the most recent bulletin. The link text will be changed to make this more clear.

Microsoft, Patches and updates, Windows 10

Windows 10 Insider Preview build 11099

Leave a comment

My Windows 10 test computer just upgraded itself to the latest Insider Preview build, 11099.

I’m now on what Microsoft calls the ‘Fast Ring’, which means that I get new Windows 10 builds almost immediately after they become available. One of the drawbacks of this scheme is that these early builds tend to have more problems than regular releases. For me, that’s acceptable, because my test PC is not used for much aside from testing. I wouldn’t try this on my main computer.

The first thing I noticed about the new build is that the File Explorer progress dialogs are back. Those dialogs disappeared in the last build, which wasn’t a huge problem, but it was disconcerting.

The only other difference I’ve noticed in this build is a weird error message that pops up when Windows starts. There’s additional information, including a couple of possible fixes, over at Neowin.

I’ll post updates here as I work with the new version.

Adobe, Patches and updates, Security, Shockwave

Shockwave 12.2.3.183 released

Leave a comment

A new version of the Shockwave player is available from Adobe. The official download page correctly shows the new version as 12.2.3.183, and that’s what you’ll get if you install Shockwave Player from there.

Unfortunately, Adobe still lags behind in updating other web resources related to Shockwave. The Shockwave Player help page, which detects the version you’re running, correctly identifies the installed version, but claims that the newest version is 12.1.9.159. The release notes page for Shockwave 12.x lists the latest version as 12.2.1.171.

If you use a web browser with Shockwave enabled, you should install version 12.2.3.183 as soon as possible, because there are almost certainly security fixes in the new version.

Chrome, Google, Patches and updates

Chrome 47.0.2526.111 released

Leave a comment

A few minor bug fixes prompted the release of Chrome 47.0.2526.111 on January 13. None of the fixes are related to security. In most cases, Chrome will update itself automatically to the new version.

The change log has all the technical details, and since there are relatively few changes, the log probably won’t crash your browser when you try to look at it. You can also view the changes in the log in an easier to read format.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.