Thunderbird 38.4 released
FYI...
Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
Manual check: Go to Help > About Thunderbird
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Nov 23, 2015
Fixed in Thunderbird 38.4
- https://www.mozilla.org/en-US/securi...hunderbird38.4
2015-133 NSS and NSPR memory corruption issues
2015-132 Mixed content WebSocket policy bypass through workers
2015-131 Vulnerabilities found through code inspection
2015-128 Memory corruption in libjar through zip files
2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
2015-123 Buffer overflow during image interactions in canvas
2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
- https://www.mozilla.org/en-US/thunderbird/releases/
Download:
- https://www.mozilla.org/en-US/thunderbird/all/
___
- http://www.securitytracker.com/id/1034260
CVE Reference: CVE-2015-4513, CVE-2015-7189, CVE-2015-7193, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
Nov 26 2015
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Thunderbird version 38.4.0 ...
Apple updates - Dec 8, 2015
FYI...
> https://support.apple.com/en-us/HT201222
iOS 9.2
- https://support.apple.com/en-us/HT205635
Dec 8, 2015 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
- http://www.securitytracker.com/id/1034348
CVE Reference: CVE-2015-7037, CVE-2015-7051, CVE-2015-7055, CVE-2015-7069, CVE-2015-7070, CVE-2015-7072, CVE-2015-7079, CVE-2015-7080, CVE-2015-7093, CVE-2015-7113
Dec 9 2015
Impact: Disclosure of system information, Disclosure of user information, Modification of system information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.2 ...
Safari 9.0.2
- https://support.apple.com/en-us/HT205639
Dec 8, 2015 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 ..."
- http://www.securitytracker.com/id/1034341
CVE Reference: CVE-2015-7048, CVE-2015-7050, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104
Dec 9 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.0.2 ...
OS X El Capitan 10.11.2 and Security Update 2015-008
- https://support.apple.com/en-us/HT205637
Dec 8, 2015 - "Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30..."
- http://www.securitytracker.com/id/1034344
CVE Reference: CVE-2012-1147, CVE-2012-1148, CVE-2015-5333, CVE-2015-5334, CVE-2015-7001, CVE-2015-7038, CVE-2015-7039, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7044, CVE-2015-7045, CVE-2015-7046, CVE-2015-7047, CVE-2015-7052, CVE-2015-7053, CVE-2015-7054, CVE-2015-7058, CVE-2015-7059, CVE-2015-7060, CVE-2015-7061, CVE-2015-7062, CVE-2015-7063, CVE-2015-7064, CVE-2015-7065, CVE-2015-7066, CVE-2015-7067, CVE-2015-7068, CVE-2015-7071, CVE-2015-7073, CVE-2015-7074, CVE-2015-7075, CVE-2015-7076, CVE-2015-7077, CVE-2015-7078, CVE-2015-7081, CVE-2015-7083, CVE-2015-7084, CVE-2015-7094, CVE-2015-7105, CVE-2015-7106, CVE-2015-7107, CVE-2015-7108, CVE-2015-7109, CVE-2015-7110, CVE-2015-7111, CVE-2015-7112
Dec 9 2015
Impact: Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix.
Xcode 7.2
- https://support.apple.com/en-us/HT205642
Dec 8, 2015 - "Available for: OS X Yosemite v10.10.5 or later..."
- http://www.securitytracker.com/id/1034340
CVE Reference: CVE-2015-7049, CVE-2015-7056, CVE-2015-7057, CVE-2015-7082
Dec 9 2015
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (7.2).
tvOS 9.1
- https://support.apple.com/en-us/HT205640
Dec 8, 2015 - "Available for: Apple TV (4th generation)..."
watchOS 2.1
- https://support.apple.com/en-us/HT205641
Dec 8, 2015 - "Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes..."
___
- https://www.us-cert.gov/ncas/current...curity-Updates
Dec 08, 2015
WordPress 4.4 update breaks itself
FYI...
WordPress 4.4 update breaks itself with SSL certificate problem...
- http://myonlinesecurity.co.uk/wordpr...r-certificate/
Dec 9, 2015 - "WordPress 4.4 has just been released and it is highly recommended to update. BUT it is -broken- on many servers. The update will go OK -but- it will also update the SSL certificate bundle that WordPress uses to update itself, the themes and plugins. The certificate bundle appears to be damaged-or-incorrect and stops any WP updates. You will get a message saying http_request_failed: “SSL certificate problem: unable to get local issuer certificate” whenever you try to do anything involving WordPress updates, updating or installing themes or plugins or using Jetpack features like stats or sharing etc. The error screen will look something like this. It doesn’t matter what plugin or theme you try to update. The error message will be similar:
>> http://myonlinesecurity.co.uk/wp-con...date-error.png
... found this post on WordPress support that does fix the problem. All my WP sites gave me the SSL warning until I used the certificate bundle from that post:
- https://wordpress.org/support/topic/...error14090086s
... until WordPress fixes/updates themselves, you should manually do this yourself...
WordPress could send out a hotfix of some sort now to make this update... - Derek"
___
WordPress hosting service WP Engine has been hacked
- http://www.theinquirer.net/inquirer/...as-been-hacked
Dec 10 2015
- https://wpengine.com/support/infosec/
Security Update: "Update 12/13/2015 1:00pm Central: WP Engine continues to work around the clock and as part of the ongoing investigation, our security team has begun to work with an additional security consultant in addition to our third-party cyber security firm in order to objectively accelerate the investigation. We will continue to post updates here as they become available..."
Adblock Plus 2.7 for Firefox released
FYI...
- https://adblockplus.org/releases/adb...refox-released
2015-12-15 - "... In order to support multiple processes properly we had to implement massive changes to the core functionality of Adblock Plus. These changes should have almost no visible effect other than improved performance however.
Visible changes:
- If pop-ups are blocked after the redirect, the pop-up window will actually be closed and not merely prevented from loading (issue 443).
- The diagnostic page under chrome://adblockplus/content/errors.html has been removed, it was of very limited use (issue 3357).
Known issues:
- Element hiding functionality isn’t working on Mac OS X when multi-process mode is enabled (bug 1187099). Given the lack of progress on Mozilla’s side, we will have to come up with some work-around later on.
- Issue reporter doesn’t create screenshots when multi-process mode is enabled (issue 3375). To be addressed in the next release.
- “Unsafe CPOW usage” warnings will still show up in Error Console sometimes when multi-process mode is enabled, most prominently when using the list of blockable items (issue 3407). To be addressed in the next release.
- Selection in the list of blockable items isn’t remembered reliably when multi-process mode is enabled (issue 3259). To be addressed in the next release."
Thunderbird 38.5 released
FYI...
Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
Manual check: Go to Help > About Thunderbird
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Dec 23, 2015
Fixed in Thunderbird 38.5
- https://www.mozilla.org/en-US/securi...hunderbird38.5
2015-149 Cross-site reading attack through data and view-source URIs
2015-146 Integer overflow in MP4 playback in 64-bit versions
2015-145 Underflow through code inspection
2015-139 Integer overflow allocating extremely large textures
2015-134 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
- https://www.mozilla.org/en-US/thunderbird/releases/
Download:
- https://www.mozilla.org/en-US/thunderbird/all/
___
Version 38.5.1
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Jan 7, 2016
What’s New:
Changed: Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements
Known Issues:
unresolved: Windows XP SP2 will no longer install Thunderbird (workaround: Install Thunderbird 38.5.0 then update)
Adblock Plus 2.7.1 for Firefox released
FYI...
- https://adblockplus.org/releases/adb...refox-released
2016-01-19
"With this release Adblock Plus becomes fully compatible with the upcoming multi-process mode in Firefox, it no longer relies on backwards compatibility hacks in Firefox (issue 3259, issue 3407, issue 3449, issue 3465, issue 3486, issue 3494). This also means that the screenshot functionality in Issue Reporter is fully functional now (issue 3375), and also quite fast (issue 3504).
Additional changes:
- Improved performance: patterns.ini was being saved way more often than necessary (issue 3473).
- $ping filter option is back and will especially apply to requests sent via navigator.sendBeacon() (issue 3452).
- Requests produced by <img srcset> and <picture> will be assigned type image (issue 3459).
- Requests produced by the Fetch API will be assigned type xmlhttprequest (issue 3459).
- genericblock and generichide types will no longer show up in the filter assistant (issue 3478).
- Removed non-standard JavaScript syntax, which caused warnings in Firefox Aurora and Nightly builds (issue 1434, issue 3418, issue 3421, issue 3502, issue 3505).
- Fixed: Previously disabled and removed filter is still disabled when added back (issue 3451).
Regressions fixed:
As the previous release changed Adblock Plus quite drastically, it inevitably introduced some issues. As far as we know, all of these have been resolved:
- Pop-up blocking doesn’t catch redirects to a different domain (issue 3458).
- Issue Reporter gets stuck if filter subscriptions need updating (issue 3461, issue 3464).
- Screenshot marker in Issue Reporter is no longer red (issue 3503).
- Fixed image preview in Blockable Items tooltip (issue 3491).
Known issues:
- Element hiding functionality isn’t working on Mac OS X when multi-process mode is enabled (bug 1187099). Mozilla is working on this..."