Skip to main content
Start a Conversation

Unsolved

ky331

3 Apprentice

 • 

15.3K Posts

32

August 13th, 2024 10:22

Updates 8/13/24 - "Microsoft (& Firefox) Tuesday", PaleMoon, Adobe Reader

Today is "Microsoft Tuesday" --- the SECOND Tuesday of the month --- on which Microsoft is expected to release its monthly cycle of Windows security updates. Based on previous history, they should become available at 1 P.M. [USA - Eastern DAYLIGHT SAVING Time]

 

Please use Windows/Automatic Updates to determine which updates are applicable to your particular system.

Firefox should also be joining-in with an update.

ky331

3 Apprentice

 • 

15.3K Posts

August 13th, 2024 10:54

Pale Moon v33.3.0 (2024-08-13).

Remark:   This forum is removing some formatting (specifically, the bullet-points) included in the text I've copied/pasted.   I will not take the time to edit/fix all the separators.   If the text here appears confusing, please see the post in the release notes:

https://www.palemoon.org/releasenotes.shtml

This is a major development update.

Important notes with this version:

  1. From this version forward, all 64-bit releases require a processor with AVX capabilities! Please keep an eye on the forum for announcements of 64-bit SSE builds by the community if you are on particularly old or otherwise limited hardware that does not support AVX.
  2. For Linux users: Starting with this version, our binaries are built with gcc 11 on a still conservative but more modern build platform (Oracle Linux 8). As a result, there may be some lib incompatibilities if you are still running on a particularly old distro for some reason. While we try to serve as broad of a Linux base as possible with our binaries, our lowest common denominator will occasionally shift to newer distros as a result of O.S. life cycles, compiler capabilities and available libraries.

Changes/fixes:

  • Implemented the bulk of the CSS "cascade layers" spec (@layer{}). This implementation is not 100% complete yet, but should satisfy common use of CSS cascade layers on the web.
  • Implemented support for Sec-Fetch-* headers, implementing another mechanism to deal with site security. See this part of the spec for a primer on what this does.
  • Added support for FFmpeg 7.0 / libavcodec 61 (Linux).
  • Pale Moon will now look up hosts in DNS ahead of time to make page navigation smoother. See implementation notes.
  • Pale Moon will now block access to the reserved address 0.0.0.0 on non-Windows operating systems. See implementation notes.
  • Dev: Aligned rounding behavior and precision ranges of toFixed and related functions with the spec. See implementation notes.
  • Dev: Aligned isTrusted for PostMessage and BroadcastChannel with expected values on the web. See implementation notes.
  • Dev: Added the navigator.webdriver attribute for web compatibility (always false in Pale Moon as we do not support browser automation APIs).
  • Re-implemented the Durstenfeld shuffle for plugin enumeration that was unfortunately dropped with one of our past rebases, to strengthen fingerprinting resistance.
  • Fixed an issue with character clusters (e.g. for text selection) resulting from a regression surrounding our improvements for emoji handling.
  • Fixed an issue with setting DOM color values. DiD
  • Slightly improved password form handling, detecting previously unsupported field orders.
  • Updated NSS to 3.90.4.
  • Updated our emoji font to 15.1.2 (Unicode 15.1 with some additional extras/updates).
  • Code cleanup:
    • Removed unused code related to the (incomplete) FoxEye experiment.
    • Removed support code for LibAV and (very) old versions of FFmpeg. We require libavcodec 58 or later (FFmpeg 4.0+) from this version forward (Linux).
    • Removed click event dispatching code that is no longer relevant.
    • Cleaned up internal macro use in CSS code (this does not impact any exposed APIs or code).
    • Removed the hidden network.dns.disablePrefetchFromHTTPS pref. DNS prefetching should not be treated differently for http and https.
  • Security issues addressed: CVE-2024-7531.

Implementation notes:

  • Pale Moon will now pre-emptively look up the internet addresses in DNS for website navigation (e.g. from links). This speeds up navigation as there will be no delay for DNS lookups when users navigate to a new host or domain from the visited page. Please note that this only deals with DNS (i.e.: looking up the addresses of websites in the domain name system) and Pale Moon will not pre-emptively connect to the servers in question; it will just have the addresses for them ready in case the user decides to navigate to them.
    For some people, this may still be seen as a privacy issue (e.g. when the DNS server operated within an organization is tightly monitored for "unwanted traffic") as it will regularly fire DNS lookups for hosts or domains the user doesn't actually visit, so if this is a concern for you and you wish to revert to our previous behavior, go to Preferences -> Advanced -> tab "Network", and uncheck "Prefetch DNS lookups".
  • Pale Moon will no longer allow connecting to the "this machine" special reserved address 0.0.0.0 (and IPv6 equivalents [::]/[::0.0.0.0]) on operating systems other than Windows. This is to mitigate potentially unrestricted access to local resources on UNIX-like operating systems due to the way the network stack operates there. If needed for your use case, you can control this behavior through the preference network.dns.blockQuad0 -- if set to true, any attempt to connect to the reserved addresses will result in an error.
  • We aligned behavior of number conversions with what is generally expected on the web by mainstream browser engines and/or updated specs. Specifically, toFixed no longer accepts negative precision ranges, and toExponential will now round up at the midpoint in the decimal significand.
  • Initially, the mechanisms BroadcastChannel and MessagePort implicitly called for dispatched events to not be trusted, but since browsers marked them as trusted, this was in conflict with the spec. Eventually, the spec for this was changed to make them trusted in this case. Pale Moon now follows this behavior as well.

----------------------------

Available via the internal updater:   Help / Check for Updates

 

or Full downloads:   Pale Moon for Windows downloads

(edited)

ky331

3 Apprentice

 • 

15.3K Posts

August 13th, 2024 12:58

Firefox  129.0.1, first offered to Release channel users on August 13, 2024

https://www.mozilla.org/en-US/firefox/129.0.1/releasenotes/

Fixed

  • Fixed playback issues on some websites with copyrighted video served via digital rights management. (Bug 1911283)

  • Fixed a crash when dragging a video file onto some websites. (Bug 1910990)

-------------------

Available via the internal updater:   Help / About Firefox 

ky331

3 Apprentice

 • 

15.3K Posts

August 13th, 2024 13:01

Windows Malicious Software Removal Tool (MRT/MSRT) for August 2024, version 5.127

Download Windows Malicious Software Removal Tool 32-bit from Official Microsoft Download Center

Download Windows Malicious Software Removal Tool 64-bit from Official Microsoft Download Center

 

Note:  For those of you who are paranoid about the possibility of a False Positive, you can run the tool via a Command Prompt, and specify the /N parameter.

ky331

3 Apprentice

 • 

15.3K Posts

August 13th, 2024 14:43

Adobe Acrobat/Reader 24.002.21005 

This release is a planned update for Acrobat and Acrobat Reader that provides various new features for end users described in the New features summary, as well as mitigations for vulnerabilities described in the corresponding security bulletins of Reader and Acrobat.

24.002.21005 Planned update, August 13, 2024 — Acrobat-Acrobat Reader Release Notes (adobe.com)

Available via the internal updater:   Help / Check for updates

View More

View All

No Events found!

Top