boot13There’s another new version of Firefox. Version 40.0.3 was released yesterday, with the usual total lack of a proper announcement. The release notes make it clear that this is a minor bug fix release, although at least two security vulnerabilities were also fixed.
Security updates for QuickTime on Windows 7 and Vista
I don’t usually post about Apple software, but the QuickTime Player is installed on many Windows computers, so it falls into a kind of grey area.
Apple recently released an update for QuickTime to address at least nine vulnerabilities it exposes on Windows 7 and Vista computers. Anyone who uses QuickTime on Windows 7 or Vista should install the new version of QuickTime as soon as possible.
I no longer have QuickTime installed on my main computer. Downloaded QuickTime media files play in a combination of VLC and Windows Media Player. There’s no QuickTime player plugin in my my main web browser, either, but I don’t really mind not being able to see QuickTime media embedded in web pages. If I really need to see that content, I can always download it.
If you’re not sure whether you have QuickTime installed, or want to find out how QuickTime media is played on your computer, you can try playing these QuickTime sample media files.
Chrome 44.0.2403.157 released
The latest version of Google’s web browser is 44.0.2403.157. The announcement is again light on details, but the change log shows that this version fixes a few minor bugs, some related to Windows 10. It doesn’t look like there are any fixes for security vulnerabilities.
Shockwave 12.1.9.160 released
There’s a new version of Adobe’s Shockwave Player. It’s not clear when the new version appeared, since there was no official announcement. There’s nothing at all on the release notes page, other than the fact that the most recent version of Shockwave is 12.1.9.160.
You can download the new version from the main Shockwave page, which also shows the most recent version as 12.1.9.160. You can check what version of Shockwave is installed (if any) on your computer at the Shockwave Help page.
Java 8 Update 60 announced
The latest offering of Java from Oracle is version 8, update 60. This new version adds some uninteresting functionality and fixes a few bugs. Some of the fixes are related to security, but none appear to address critical vulnerabilities, so there doesn’t seem to be any urgency about updating. See the release notes for additional details.
Emergency patch for Internet Explorer
Earlier today, Microsoft issued a special update (MS15-093) to address a critical vulnerability in all versions of Internet Explorer. The new Edge browser is not affected.
Normally, security updates for IE are provided on monthly Patch Tuesdays. Since Microsoft is making this update available outside the regular update cycle, we can assume that exploits for the vulnerability have been observed in the wild.
The vulnerability is a bad one. Merely visiting a specially-crafted web page with Internet Explorer can cause malicious code to execute, leading to the possibility of an attacker installing just about any kind of software or accessing any information on the affected Windows computer.
If you use Internet Explorer, please use Windows Update to install this patch as soon as possible.
WordPress 4.3 released
There are big improvements to password handling in the newest version of WordPress:
You start out with a strong password by default and you are given the option to keep it or choose your own. A password strength meter is available as well as the option to hide your password from prying eyes. WordPress will no longer send passwords via email and the password reset links will expire in 24 hours. E-mail notifications will be sent out in the event that an e-mail or password is changed.
The release notes for WordPress 4.3 list other changes. There are no security vulnerability fixes in this version, so updating is not urgent, but the password-related changes alone are worth the trouble.
Firefox 40.0.2 released
Version 40.0.1 appeared briefly on the Firefox download page yesterday, but it was removed almost immediately. Then 40.0.2 appeared, and it seems to be staying put. The release notes reveal that the new version fixes a few minor bugs, but none of those bugs seem to be related to security. There was, as usual, no proper announcement for this version.
Chrome 44.0.2403.155 released
Chrome updates now happen so frequently, and they so rarely cause problems, that I no longer have any qualms about the browser’s auto-update mechanism. Of course, if a Chrome update makes the browser unusable, I can use another browser for however long it takes Google to fix it, which would not be the case for a bad Windows update.
The release announcement for Chrome 44.0.2403.155 doesn’t provide any details, which is starting to become the norm, sadly. And Google was doing so well with this…
Parsing the change log reveals that the new version contains fixes for a few minor issues, including at least one related to stability.
Firefox 40 improves add-on security
The newest Firefox is version 40, and as usual there was no proper announcement. There’s a post on the Mozilla blog that gets into the details of version 40’s security improvements, but it never mentions the version. The release notes provide additional details. Here are some of the more notable changes:
- Improvements to Windows 10 support, including workarounds for the way Microsoft messes up default browser settings
- Add-on certification: non-certified add-ons will be disabled by default
- Improvements to visual style: for example, the ‘close’ button on tabs is now larger
- Expanded malware protection, which warns users about to visit sites that are flagged by Google’s Safe Browsing Service
- Smoother animation and scrolling for Windows
- Improvements to JPEG image handling
- At least fourteen security fixes