Alerts

WordPress 4.7.3 released

FYI...

WordPress 4.7.3 released
- https://wordpress.org/news/
Mar 6, 2017 - "WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.7.2 and earlier are affected by six security issues:
1. Cross-site scripting (XSS) via media file metadata...
2. Control characters can trick redirect URL validation...
3. Unintended files can be deleted by administrators using the plugin deletion functionality...
4. Cross-site scripting (XSS) via video URL in YouTube embeds...
5. Cross-site scripting (XSS) via taxonomy term names...
6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources...
In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance fixes to the 4.7 release series...

Release notes
- https://codex.wordpress.org/Version_4.7.3

Download
- https://wordpress.org/download/
___

- http://www.securitytracker.com/id/1037959
Mar 7 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.7.2 and prior ...
Impact: A remote user can take actions on the target system acting as the target authenticated user.
A remote user can consume excessive server resources on the target system.
A remote user can bypass redirect URL validation on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (4.7.3)...
___

- https://www.us-cert.gov/ncas/current-activity/2017/03/06/WordPress-Releases-Security-Update
Mar 06, 2017

Thunderbird 45.8.0 released

FYI...

Thunderbird 45.8.0 released
- https://www.mozilla.org/en-US/thunderbird/45.8.0/releasenotes/
Mar 7, 2017

Fixed in Thunderbird 45.8
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.8

- https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/
Critical
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5404: Use-after-free working with ranges in selections
CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla.org/en-US/thunderbird/all/

Adblock Plus 1.13 for Chrome and Opera

FYI...

Adblock Plus 1.13 for Chrome and Opera released
- https://adblockplus.org/releases/adblock-plus-113-for-chrome-and-opera-released
2017-03-15
Install Adblock Plus 1.13 for Chrome
Install Adblock Plus 1.13 for Opera

This is a major release containing some user interface improvements...
Changes:
- Further improved our WebSocket (issue 4643, 4807) and popup (issue 4834) blocking capabilities.
- Improved the “Block element” tool, fixing a bug where the dialog window would sometimes fail to open (issue 4714) and another which very rarely caused the currently targeted element(s) not to be highlighted (issue 4603).
- Improved the “Add your own filters” interface in the Options page. Extremely large filters are now displayed properly (issue 1121), and the interface is much more responsive when dealing with large numbers of custom filters (issue 4752).
- Improved the Adblock Plus developer tools pane. Chrome’s dark theme is now supported (issue 4136), the Control-F search interface now works (issue 4644) and elements hidden by CSS property filters are now listed (issue 3596).
- Worked around a limitation with Chrome’s onCommitted event which caused many problems (issue 4598, 4599, 4647, 4804). Most notably this caused some requests to be improperly blocked / not blocked...

iTunes 12.6 released

FYI...

- https://support.apple.com/en-us/HT201222

iTunes 12.6 released
- https://support.apple.com/en-us/HT207598
Mar 21, 2017 - "Available for: OS X Mavericks v10.9.5 and later..."
___

iTunes 12.6 for Windows
- https://support.apple.com/en-us/HT207599
Mar 21, 2017 - "Available for: Windows 7 and later..."
... added more "Entries" March 28, 2017

- http://www.securitytracker.com/id/1038157
CVE Reference: CVE-2017-2383, CVE-2017-2463, CVE-2017-2479, CVE-2017-2480, CVE-2017-5029
Mar 29 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 12.6 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (12.6)...
The vendor advisory is available at: https://support.apple.com/en-us/HT207599
___

- https://www.us-cert.gov/ncas/current-activity/2017/03/24/Apple-Releases-Security-Update-iTunes
Mar 24, 2017

Apple - many multiple updates - 2017.03.27

FYI...

- https://support.apple.com/en-us/HT201222

Apple Releases Security Update for iWork
- https://www.us-cert.gov/ncas/current-activity/2017/03/27/Apple-Releases-Security-Update-iWork
Mar 27, 2017

- https://support.apple.com/en-us/HT207595
Mar 27, 2017 - "Available for: macOS 10.12 or later, iOS 10.0 or later..."

- http://www.securitytracker.com/id/1038134
CVE Reference: CVE-2017-2391
Mar 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 4.1 ...
Impact: A user with access to exported PDF documents can obtain potentially sensitive information from the password protected exported PDF.
Solution: The vendor has issued a fix (4.1)...
The vendor advisory is available at: https://support.apple.com/en-us/HT207595

- http://www.securitytracker.com/id/1038135
CVE Reference: CVE-2017-2391
Mar 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Impact: A user with access to exported PDF documents can obtain potentially sensitive information from the password protected exported PDF.
Solution: The vendor has issued a fix (6.1)...
The vendor advisory is available at: https://support.apple.com/en-us/HT207595

- http://www.securitytracker.com/id/1038136
CVE Reference: CVE-2017-2391
Mar 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 7.1...
Impact: A user with access to exported PDF documents can obtain potentially sensitive information from the password protected exported PDF.
Solution: The vendor has issued a fix (7.1)...
The vendor advisory is available at: https://support.apple.com/en-us/HT207595
___

Safari 10.1
- https://support.apple.com/en-us/HT207600
Mar 27 2017 - "Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4..."

- http://www.securitytracker.com/id/1038137
CVE Reference: CVE-2016-9642, CVE-2016-9643, CVE-2017-2364, CVE-2017-2367, CVE-2017-2376, CVE-2017-2377, CVE-2017-2378, CVE-2017-2385, CVE-2017-2386, CVE-2017-2389, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2444, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2453, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2475, CVE-2017-2476, CVE-2017-2481
Mar 27 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.1...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can obtain potentially sensitive information on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
A remote user can spoof a URL.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Apple Safari software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10.1).
The vendor advisory is available at: https://support.apple.com/en-us/HT207600
___

macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
- https://support.apple.com/en-us/HT207615
Mar 27 2017

- http://www.securitytracker.com/id/1038138
CVE Reference: CVE-2016-5636, CVE-2016-7585, CVE-2017-2379, CVE-2017-2381, CVE-2017-2388, CVE-2017-2390, CVE-2017-2392, CVE-2017-2398, CVE-2017-2401, CVE-2017-2402, CVE-2017-2403, CVE-2017-2406, CVE-2017-2407, CVE-2017-2408, CVE-2017-2409, CVE-2017-2410, CVE-2017-2413, CVE-2017-2416, CVE-2017-2417, CVE-2017-2418, CVE-2017-2420, CVE-2017-2421, CVE-2017-2422, CVE-2017-2423, CVE-2017-2425, CVE-2017-2426, CVE-2017-2427, CVE-2017-2428, CVE-2017-2429, CVE-2017-2430, CVE-2017-2431, CVE-2017-2432, CVE-2017-2435, CVE-2017-2436, CVE-2017-2437, CVE-2017-2438, CVE-2017-2439, CVE-2017-2440, CVE-2017-2441, CVE-2017-2443, CVE-2017-2448, CVE-2017-2449, CVE-2017-2450, CVE-2017-2451, CVE-2017-2456, CVE-2017-2457, CVE-2017-2458, CVE-2017-2461, CVE-2017-2462, CVE-2017-2467, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2485, CVE-2017-2486, CVE-2017-2487, CVE-2017-6974
Updated: Mar 28 2017
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite).
The vendor advisory is available at: https://support.apple.com/en-us/HT207615
___

iOS 10.3
- https://support.apple.com/en-us/HT207617
Mar 27 2017 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later..."

- http://www.securitytracker.com/id/1038139
CVE Reference: CVE-2017-2384, CVE-2017-2393, CVE-2017-2397, CVE-2017-2399, CVE-2017-2400, CVE-2017-2404, CVE-2017-2412, CVE-2017-2414, CVE-2017-2434, CVE-2017-2452, CVE-2017-2484
Mar 28 2017
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.3...
Impact: A remote user can access and modify certain iTunes data.
A local user can obtain potentially sensitive information on the target system.
A remote user can conduct cross-site scripting attacks.
Solution: The vendor has issued a fix (10.3).
The vendor advisory is available at: https://support.apple.com/en-us/HT207617
___

macOS Server 5.3
- https://support.apple.com/en-us/HT207604
Mar 27 2017 - "Available for: macOS 10.12.4 and later..."

- http://www.securitytracker.com/id/1038144
CVE Reference: CVE-2007-6750, CVE-2017-2382
Mar 28 2017
Impact: Denial of service via network, Disclosure of system information
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can cause denial of service conditions.
A remote user can determine valid usernames on the target system.
Solution: The vendor has issued a fix (macOS Server 5.3).
The vendor advisory is available at: https://support.apple.com/en-us/HT207604
___

tvOS 10.2
- https://support.apple.com/en-us/HT207601
Mar 27 2017 - "Available for: Apple TV (4th generation)..."
___

watchOS 3.2
- https://support.apple.com/en-us/HT207602
Mar 27 2017 - "Available for: All Apple Watch models..."
___

- https://www.us-cert.gov/ncas/current-activity/2017/03/27/Apple-Releases-Security-Update-iWork
Mar 27 2017

iOS 10.3.1 released

FYI...

- https://support.apple.com/en-us/HT201222

iOS 10.3.1
- https://support.apple.com/en-us/HT207688
Apr 3, 2017 - "Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later...
Wi-Fi: Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975 ..."
___

- http://www.securitytracker.com/id/1038172
CVE Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6975
Apr 4 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user within WiFi range can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (10.3.1)...
___

- https://www.us-cert.gov/ncas/current-activity/2017/04/03/Apple-Releases-Security-Update-iOS
April 03, 2017

Thunderbird 52.0 released

FYI...

Thunderbird 52.0 released
- https://www.mozilla.org/en-US/thunderbird/52.0/releasenotes/
April 4, 2017

Fixed in Thunderbird 52
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird52

- https://www.mozilla.org/en-US/security/advisories/mfsa2017-09/
Critical
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
CVE-2017-5404: Use-after-free working with ranges in selections

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla.org/en-US/thunderbird/all/

Thunderbird 52.0.1 released

FYI...

Thunderbird 52.0.1 released
- https://www.mozilla.org/en-US/thunderbird/52.0.1/releasenotes/
April 14, 2017

Fixed:
- Crash due to incompatibility with McAfee Anti-SPAM add-on. Add-on is blocked in 52.0.1
- Clicking on a link in an email may not open this link in the external browser...

Complete list of changes in this release
- https://mzl.la/2nSk0Ft
373 bugs found

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla.org/en-US/thunderbird/all/

WordPress 4.7.4 released

FYI...

WordPress 4.7.4 released
- https://wordpress.org/news/
April 20, 2017 - "After almost sixty million downloads of WordPress 4.7, we are pleased to announce the immediate availability of WordPress 4.7.4, a maintenance release. This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes* and the list of changes**. Download WordPress 4.7.4 or visit 'Dashboard → Updates' and simply click 'Update Now'. Sites that support automatic background updates are already beginning to update to WordPress 4.7.4..."

Release notes
* https://codex.wordpress.org/Version_4.7.4

** https://core.trac.wordpress.org/log/branches/4.7?rev=40487&stop_rev=40224

Download
- https://wordpress.org/download/
___

> https://wordpress.org/news/2017/05/wordpress-now-on-hackerone/
May 15, 2017 - "... WordPress is now officially on HackerOne*... HackerOne is a platform for security researchers to securely and responsibly report vulnerabilities to our team. It provides tools that improve the quality and consistency of communication with reporters, and will reduce the time spent on responding to commonly reported issues. This frees our team to spend more time working on improving the security of WordPress..."
* https://hackerone.com/wordpress

Thunderbird 52.1.0 released

FYI...

Thunderbird 52.1.0 released
- https://www.mozilla.org/en-US/thunderbird/52.1.0/releasenotes/
April 30, 2017

Fixed:
Background images not working and other issues related to embedded images when composing email
Google Oauth setup can sometimes not progress to the next step

Complete list of changes in this release
- https://bugzilla.mozilla.org/buglis...cking_thunderbird_esr52&query_format=advanced
19 bugs found.

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla.org/en-US/thunderbird/all/

Apple updates - 2017.05.15

FYI...

> https://support.apple.com/en-us/HT201222

iOS 10.3.2 released
- https://support.apple.com/en-us/HT207798
May 15, 2017 - "Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation..."
- http://www.securitytracker.com/id/1038485
CVE Reference: CVE-2017-2498, CVE-2017-6982, CVE-2017-6989
May 15 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.3.2 ...
Impact: An application can cause denial of service conditions on the target system.
An application can obtain elevated privileges on the target system.
A user can bypass certificate validation on the target system.
Solution: The vendor has issued a fix (10.3.2)...
___

Safari 10.1.1
- https://support.apple.com/en-us/HT207804
May 15, 2017 - "Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5..."
- http://www.securitytracker.com/id/1038487
CVE Reference: CVE-2017-2495, CVE-2017-2496, CVE-2017-2499, CVE-2017-2500, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2511, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2538, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
May 16 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.1.1 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions.
A local user can bypass code signing policy on the target system.
A remote user can spoof a URL.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10.1.1)...
___

macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite
- https://support.apple.com/en-us/HT207797
May 15, 2017
- http://www.securitytracker.com/id/1038484
CVE Reference: CVE-2017-2494, CVE-2017-2497, CVE-2017-2501, CVE-2017-2502, CVE-2017-2503, CVE-2017-2507, CVE-2017-2509, CVE-2017-2512, CVE-2017-2513, CVE-2017-2516, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2524, CVE-2017-2527, CVE-2017-2533, CVE-2017-2534, CVE-2017-2535, CVE-2017-2537, CVE-2017-2540, CVE-2017-2541, CVE-2017-2542, CVE-2017-2543, CVE-2017-2545, CVE-2017-2546, CVE-2017-2548, CVE-2017-6977, CVE-2017-6978, CVE-2017-6979, CVE-2017-6981, CVE-2017-6983, CVE-2017-6985, CVE-2017-6986, CVE-2017-6987, CVE-2017-6988, CVE-2017-6990, CVE-2017-6991
May 15 2017
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 10.12.5...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
An application can obtain potentially sensitive information from system memory on the target system.
An application can obtain elevated privileges on the target system.
A remote user on a local network can obtain 802.1X authentication credentials.
Solution: The vendor has issued a fix (10.12.5)...
___

iCloud for Windows 6.2.1
- https://support.apple.com/en-us/HT207803
May 15, 2017
___

iTunes 12.6.1 for Windows
- https://support.apple.com/en-us/HT207805
May 15, 2017
___

tvOS 10.2.1
- https://support.apple.com/en-us/HT207801
May 15, 2017
___

watchOS 3.2.2
- https://support.apple.com/en-us/HT207800
May 15, 2017
___

- https://www.us-cert.gov/ncas/current-activity/2017/05/15/Apple-Releases-Security-Updates
May 15, 2017

Thunderbird 52.1.1 released

FYI...

Thunderbird 52.1.1 released
- https://www.mozilla.org/en-US/thunderbird/52.1.1/releasenotes/
May 15, 2017

Fixed:
- Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use
- Unable to load full message via POP if message was downloaded partially (or only headers) before
- Some attachments can't be opened or saved if the message body is empty
- Crash when compacting IMAP folder

Known Issues:
unresolved:
- Large number of blank pages being printed under certain circumstances
- Crash due to incompatibility with McAfee Anti-SPAM add-on. Workaround: Start in safe mode and -disable- McAfee Anti-Spam Extension

Complete list of changes in this release:
- https://bugzilla.mozilla.org/buglis...cking_thunderbird_esr52&query_format=advanced
19 bugs found.

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla.org/en-US/thunderbird/all/

WordPress 4.7.5 released

FYI...

WordPress 4.7.5 released
- https://wordpress.org/news/2017/05/wordpress-4-7-5/
May 16, 2017 - "WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.7.4 and earlier are affected by six security issues:
- Insufficient redirect validation in the HTTP class...
- Improper handling of post meta data values in the XML-RPC API...
- Lack of capability checks for post meta data in the XML-RPC API...
- A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog...
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files...
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer...
In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more information, see the release notes* or consult the list of changes**..."
* https://codex.wordpress.org/Version_4.7.5

** https://core.trac.wordpress.org/que...type&col=priority&col=keywords&order=priority
___

- http://www.securitytracker.com/id/1038520
May 18 2017
Impact: A remote user can take actions on the target system acting as the target authenticated user.
A remote user can cause the target user's browser to be -redirected- to an arbitrary web site.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The impact was -not- specified for two vulnerabilities.
Solution: The vendor has issued a fix (4.7.5)...
___

- https://www.us-cert.gov/ncas/current-activity/2017/05/17/WordPress-Releases-Security-Update
May 17, 2017

Adblock Plus 2.9 for Firefox

FYI...

Adblock Plus 2.9 for Firefox released
- https://adblockplus.org/releases/adblock-plus-29-for-firefox-released
2017-05-25

Install Adblock Plus 2.9 for Firefox

"This release lays important groundwork for the Web Extensions migration. The way Adblock Plus stores its data has changed drastically, though for users everything should stay exactly the same (issue 5048). The new location of your filters and subscriptions is the browser-extension-data/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}/storage.js file in your Firefox profile, the same data will be used by the Adblock Plus build based on the Web Extensions platform once it is ready.
Additional changes:
- The hidden data_directory and please_kill_startup_performance preferences have been removed.
- It is now possible to use { and } in CSS property filters (issue 4684)."

Adblock Plus 2.9.1 for Firefox

FYI...

Adblock Plus 2.9.1 for Firefox released
- https://adblockplus.org/releases/adblock-plus-291-for-firefox-released
2017-06-07

Install Adblock Plus 2.9.1 for Firefox

"Unfortunately, the Adblock Plus 2.9 release didn’t go as smoothly as we hoped for. Most importantly, the performance degradation caused by the new data storage turned out more severe than we expected, some users were experiencing regular noticeable browser hangs. While the performance of reading and saving Adblock Plus filters hasn’t improved yet, we turned off filter hit counts by default in Adblock Plus 2.9.1 as a first consequence to make sure the data no longer needs to be saved that often (issue 5298). Users who need this functionality can turn it back on by clicking the ABP icon, going into “Options” and checking “Count filter hits.”
We will be looking into other ways to improve this, even though the main issue can only be resolved by the Firefox developers. It also wasn’t noticed before release that the new data storage doesn’t work in Thunderbird and SeaMonkey, so these users ended up with filters being reset on each restart. This has also been resolved in Adblock Plus 2.9.1 (issue 5279, issue 5285), the original data should show up again now..."

Thunderbird 52.2.0 released

FYI...

Thunderbird 52.2.0 released
- https://www.mozilla.org/en-US/thunderbird/52.2.0/releasenotes/
June 14, 2017
What’s New:
Fixed:
- Embedded images not shown in email received from Hotmail/Outlook webmailer
- Detection of non-ASCII font names in font selector
- Attachment not forwarded correctly under certain circumstances
- Multiple requests for master password when GMail OAuth2 is enabled
- Large number of blank pages being printed under certain circumstances when invalid preferences were present
- Messages sent via the Simple MAPI interface are forced to HTML
- Calendar: Invitations can't be printed
- Mailing list (group) not accessible from macOS or Outlook address book
- Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser

Various security fixes:
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird52.2

- https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/
Critical:
CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2

Automated Updates: https://support.mozilla.org/en-US/kb/updating-thunderbird
Manual check: Go to >Help >About Thunderbird

Download
- https://www.mozilla.org/en-US/thunderbird/all/
___

- https://www.us-cert.gov/ncas/current-activity/2017/06/15/Mozilla-Releases-Security-Update
June 15, 2017
