Thunderbird 52.3.0 released
FYI...
Thunderbird 52.3.0 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Aug 16, 2017
Fixed:
- Unwanted inline images shown in rogue SPAM messages
- Deleting message from the POP3 server not working when maildir storage was used
- Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later
- Inline images not scaled to fit when printing
- Selected text from another message sometimes included in a reply
- No authorisation prompt displayed when inserting image into email body although image URL requires authentication
- Large attachments taking a long time to open under some circumstances
Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Download
- https://www.mozilla.org/en-US/thunderbird/all/
> https://www.mozilla.org/en-US/securi...s/mfsa2017-20/
Critical:
CVE-2017-7800: Use-after-free in WebSockets during disconnection
CVE-2017-7801: Use-after-free with marquee during window resizing
CVE-2017-7779: Memory safety bugs fixed in Firefox 55, Firefox ESR 52.3, and Thunderbird 52.3
___
- https://www.us-cert.gov/ncas/current...ecurity-Update
Aug 21, 2017
:fear:
Apple updates - 2017.09.19
FYI...
> https://support.apple.com/en-us/HT201222
iOS 11
- https://support.apple.com/en-us/HT208112
Sep 19, 2017 - "Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation..."
- http://www.securitytracker.com/id/1039385
CVE Reference: CVE-2017-7072, CVE-2017-7085, CVE-2017-7088, CVE-2017-7089, CVE-2017-7097, CVE-2017-7106, CVE-2017-7118, CVE-2017-7133
Sep 19 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 11.0 ...
Impact: A remote user can cause denial of service conditions.
A remote user can spoof the address bar.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (11.0)...
> https://support.apple.com/en-us/HT204204
___
Safari 11
- https://support.apple.com/en-us/HT208116
Sep 19, 2017 - "Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6..."
- http://www.securitytracker.com/id/1039384
CVE Reference: CVE-2017-7085, CVE-2017-7089, CVE-2017-7106
Sep 19 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 11.0 ...
Impact: A remote user can spoof the address bar.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (11.0)...
___
Xcode 9
- https://support.apple.com/en-us/HT208103
Sep 19, 2017 - "Available for: macOS Sierra 10.12.6 or later..."
- http://www.securitytracker.com/id/1039386
CVE Reference: CVE-2017-7076, CVE-2017-7134, CVE-2017-7135, CVE-2017-7136, CVE-2017-7137
Sep 19 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 9.0 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (9.0)...
___
- https://www.us-cert.gov/ncas/current...curity-Updates
Sep 19, 2017
:fear:
Apple updates - 2017.09.25
FYI...
> https://support.apple.com/en-us/HT201222
iCloud for Windows 7.0
- https://support.apple.com/en-us/HT208142
Sep 25, 2017 - "Available for: Windows 7 and later..."
___
macOS High Sierra 10.13
- https://support.apple.com/en-us/HT208144
Sep 25, 2017 - "Available for: OS X Lion 10.8 and later..."
- http://www.securitytracker.com/id/1039427
CVE Reference: CVE-2016-9042, CVE-2016-9063, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-0381, CVE-2017-1000373, CVE-2017-10989, CVE-2017-11103, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-7074, CVE-2017-7077, CVE-2017-7078, CVE-2017-7080, CVE-2017-7082, CVE-2017-7083, CVE-2017-7084, CVE-2017-7086, CVE-2017-7114, CVE-2017-7119, CVE-2017-7127, CVE-2017-7128, CVE-2017-7129, CVE-2017-7130, CVE-2017-7138, CVE-2017-7141, CVE-2017-7143, CVE-2017-7144, CVE-2017-9233
Sep 25 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Version(s): prior to 10.13 ...
Impact: A remote or local user can cause denial of service conditions on the target system.
A local user can obtain elevated privileges on the target system.
A local user can obtain potentially sensitive information on the target system.
A remote or local user can bypass security controls on the target system.
An application can execute arbitrary code with elevated privileges.
Solution: The vendor has issued a fix (10.13)...
___
macOS Server 5.4
- https://support.apple.com/en-us/HT208102
Sep 25, 2017 - "Available for: macOS High Sierra 10.13..."
___
iTunes 12.7 for Windows
- https://support.apple.com/en-us/HT208141
Sep 12, 2017 ? - "Available for: Windows 7 and later..."
- http://www.securitytracker.com/id/1039428
CVE Reference: CVE-2017-7081, CVE-2017-7087, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120
Sep 25 2017
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass same-origin restrictions on the target system.
A remote user can conduct cross-site scripting attacks.
Solution: The vendor has issued a fix (12.7)...
___
iTunes 12.7
- https://support.apple.com/en-us/HT208140
Sep 12, 2017 ? - "Available for: OS X Yosemite 10.10.5 and later..."
___
- https://www.us-cert.gov/ncas/current...curity-Updates
Sep 25, 2017
:fear:
Adblock Plus 1.13.4 for Chrome and Opera released
FYI...
Adblock Plus 1.13.4 for Chrome and Opera released
> https://adblockplus.org/releases/adb...opera-released
2017-09-26
Install Adblock Plus 1.13.4 for Chrome ^
Install Adblock Plus 1.13.4 for Opera ^
This release features improvements to the emulation filters, which allow to block ads on Facebook again.
It also includes some bug fixes and changes under the hood..."
:yes:
Apple security update - 2017.10.05
FYI...
- https://support.apple.com/en-us/HT201222
macOS High Sierra 10.13 Supplemental Update
- https://support.apple.com/en-us/HT208165
Oct 5, 2017 - "Available for: macOS High Sierra 10.13..."
CVE-2017-7149, CVE-2017-7150
- http://www.securitytracker.com/id/1039513
CVE Reference: CVE-2017-7149
Oct 5 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.13 ...
Impact: A local user can obtain the password for an encrypted APFS volumen on the target system in certain cases.
Solution: The vendor has issued a fix...
> https://support.apple.com/en-us/HT208168
Oct 6, 2017
___
- https://www.us-cert.gov/ncas/current...OS-High-Sierra
Oct 05, 2017
:fear::fear:
Thunderbird 52.4.0 released
FYI...
Thunderbird 52.4.0 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
Oct 6, 2017
New: In Thunderbird 52 a new behavior was introduced for replies to mailing list posts: "When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header". A new preference mail.override_list_reply_to allows to restore the previous behavior.
Fixed:
- Under certain circumstances (image attachment and non-image attachment), attached images were shown truncated in messages stored in IMAP folders not synchronised for offline use.
- IMAP UIDs > 0x7FFFFFFF not handled properly
- Various security fixes*
* https://www.mozilla.org/en-US/securi...hunderbird52.4
Oct 9, 2017
> https://www.mozilla.org/en-US/securi...s/mfsa2017-23/
Critical:
CVE-2017-7810: Memory safety bugs fixed in Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4
Automated Updates: https://support.mozilla.org/en-US/kb...ng-thunderbird
Manual check: Go to >Help >About Thunderbird
Addons: https://addons.mozilla.org/en-US/thunderbird/
Download
- https://www.mozilla.org/en-US/thunderbird/all/
___
> https://www.us-cert.gov/ncas/current...ecurity-Update
Oct 11, 2017
:fear: