Jump to content

1PW

Trusted Advisors
 View Profile  See their activity

  • Posts

    12,084

  • Joined

  • Days Won

    42

 Content Type 

Posts posted by 1PW

    Mullvad Browser

    in General Software and Security Updates

    Posted

    Mullvad Browser 13.0.1 has been released. (26-October-2023)

    Blog | Changelog | Update: Auto-update or download.

    All Platforms

    • Updated Firefox to 115.4.0esr
    • Bug 42182: Default Search Engine Does Not Persist Through Shift to New Identity [tor-browser]
    • Bug 42185: Rebase stable browsers on top of 115.4.0esr [tor-browser]
    • Bug 42191: Backport security fixes (Android & wontfix) from Firefox 119 to 115.4 - based Tor Browser [tor-browser]

    Build System

    Windows + Linux

    • Bug 40991: Fix creation of downloads-windows-x86_64.json and downloads-linux-x86_64.json [tor-browser-build]

    Windows

    • Bug 40984: The PDBs for .exe are not included [tor-browser-build]

    • Like 1

    Tor Browser

    in General Software and Security Updates

    Posted

    The Tor Browser 13.0.1 (All Platforms) has been released. (25-October-2023)
    Tor Browser 13.0.1 is now available from the Tor Browser download page and also from our distribution directory.

    Blog/Announcement | Full Changelog |

    Full changelog

    The full changelog since Tor Browser 13.0 is:

    • Like 1

    Issue checking for database updates?

    in Safari

    Posted

    Hello @drdas:

    In this instance, you and I are running the same software. Of course, Apple's restrictions would not permit a similar Malwarebytes Browser Guard (MBG) that compares closely to those for Firefox/Chrome-based browsers.

    Be that as it may, the behaviors you described parallel what I see on my laptop. Devs/staffers may have some additional insight.

    HTH

    New Malwarebytes 5 Beta is available!

    in Malwarebytes 5 for Mac Pre-Release

    Posted

    Hello @Aryna and :welcome::

    Would you please confirm whether users are required to uninstall Malwarebytes-Mac-4.6.13.3835.pkg or Malwarebytes-Mac-5.0.72.422.pkg before installing Malwarebytes-Mac-5.0.102.681.pkg?

    I might recall that an uninstall of MB4 for Mac was compulsory.

    My MBP18,1 experienced MB5_mac_preview crashes (reported in this sub-forum) under macOS Ventura and Sonoma. Have these crashes been resolved?

    Thank you.

    OpenSSL

    in General Software and Security Updates

    Posted

    As previously announced in the post before this one, OpenSSL has released the promised updated versions 3.1.4 and 3.0.12 on 24-October-2023.

    Newslog | Downloads | Changelog | 

    -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenSSL Security Advisory [24th October 2023]
=============================================

Incorrect cipher key & IV length processing (CVE-2023-5363)
===========================================================

Severity: Moderate

Issue summary: A bug has been identified in the processing of key and
initialisation vector (IV) lengths.  This can lead to potential truncation
or overruns during the initialisation of some symmetric ciphers.

Impact summary: A truncation in the IV can result in non-uniqueness,
which could result in loss of confidentiality for some cipher modes.

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after
the key and IV have been established.  Any alterations to the key length,
via the "keylen" parameter or the IV length, via the "ivlen" parameter,
within the OSSL_PARAM array will not take effect as intended, potentially
causing truncation or overreading of these values.  The following ciphers
and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in
loss of confidentiality.  For example, when following NIST's SP 800-38D
section 8.2.1 guidance for constructing a deterministic IV for AES in
GCM mode, truncation of the counter portion could lead to IV reuse.

Both truncations and overruns of the key and overruns of the IV will
produce incorrect results and could, in some cases, trigger a memory
exception.  However, these issues are not currently assessed as security
critical.

Changing the key and/or IV lengths is not considered to be a common operation
and the vulnerable API was recently introduced. Furthermore, it is likely that
application developers will have spotted this problem during testing since
decryption would fail unless both peers in the communication were similarly
vulnerable. For these reasons, we expect the probability of an application being
vulnerable to this to be quite low. However, if an application is vulnerable then
this issue is considered very serious. For these reasons, we have assessed this
issue as Moderate severity overall.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because
the issue lies outside of the FIPS provider boundary.

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.12.
OpenSSL 3.1 users should upgrade to OpenSSL 3.1.4.

This issue was reported on 21st September 2023 by Tony Battersby of
Cybernetics.  The fix was developed by Dr. Paul Dale.  This problem was
independently reported on the 3rd of December 2022 as part of issue
#19822, but it was not recognised as a security vulnerability at that
time.

General Advisory Notes
======================

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20231024.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications, please see:
https://www.openssl.org/policies/general/security-policy.html

OpenSSL 1.1.1 is out of support and no longer receiving public updates. Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE78CkZ9YTy4PH7W0w2JTizos9efUFAmU33bsACgkQ2JTizos9
efVwAg/8Dh8qiBA3LEzTP39JtwAZzf0MPUEe0I5bvS7GUXIX8EemYojcNyoa/i+x
Lr/DQtRJ0j/woiy2PhMFbej+NNMwtHD4Cu83JB+wEEiXbnt4n5yi+rWb9hw19Fs6
g17EDbsi1j5fgCQ81Psgxg02bgC/3iE2AnDYty6mRQnfMPe599SMUEnUsRfeGdTh
QGOwLbAH58a3OydMFD5tUHY6JKKwU7WhLrYanAT7YIlU4oQbAIEKL7+K0roIzhyq
3o7EjtfKAr2ttcl+iOXdJYRb+0OwP59y/BBAOOOdCcb2oqDs1fPvXB8BXHhR43Ew
i5EF47fUFxICu2kuXEe00RbbJipAqF5S0KvIKurYPjepukWjOqnNBQc4euned0gN
bYcQgMLjYoZAp79V42kRMTQ+uMP1ElUCx4gwY8iOn6R65TmHloiNWv/q0I3XhWeH
piLOv9lm/pMNmArpFGpySQzTY/wyyEvc9ZQcThSdWSiJOIebG4wFLYP+LvzG81/Q
KX0yMK1dB8nyD6n+p14aIxhaWHr/7YgNO0882YbG11OQftIB5HXIXsQT5XFdVm8h
OUCJfj1iPv1O3Xr7UkTISzGzRZyYLoUxFSi9+DrMHWaK9pQqSYDjqB6XE8vImnZN
wJJj9hGRRZzCON5pXuh5+bIPSozdUPaZtWWm9ICobB/PLyvD05M=
=aGd3
-----END PGP SIGNATURE-----

    • Like 1

    Firefox 126.0 release now available

    in Firefox

    Posted

    Version 119.0, first offered to Release channel users on October 24, 2023

    New

    • Firefox View includes more content. You can now see all open tabs, from all windows. If you sync open tabs, you’ll see all tabs from other devices. Browsing history is now listed and you can sort by date or by site. As before, recently closed tabs are also listed on Firefox View.

      To access Firefox View, select the file folder icon at the top left of your tab strip.

      screenshot of Firefox View displaying open tabs and tabs from other devices

    • Gradually rolling out in Fx119, Firefox now allows you to edit PDFs by adding images and alt text, in addition to text and drawings.

      screenshot of a photo of a red fox being added to a PDF. The alt text tool is open to the left of the photo, ready for a description to be added.

    • Recently closed tabs now persist between sessions that don't have automatic session restore enabled. Manually restoring a previous session will continue to reopen any previously open tabs or windows.

    • If you're migrating your data from Chrome, Firefox now offers the ability to import some of your extensions as well.

    • As part of Total Cookie Protection, Firefox now supports the partitioning of Blob URLs, this mitigates a potential tracking vector that third-party agents could use to track an individual.

    • The visibility of fonts to websites has been restricted to system fonts and language pack fonts in Enhanced Tracking Protection strict mode to mitigate font fingerprinting.

    • The Storage Access API web standard was updated to improve security while mitigating website breakages and further enabling the phase out of third-party cookies in Firefox.

    • Encrypted Client Hello (ECH) is now available to Firefox users, delivering a more private browsing experience. ECH extends the encryption used in TLS connections to cover more of the handshake and better protect sensitive fields. Read more about the launch of ECH on Mozilla Distilled.

    • Media sniffing is no longer applied to files served as type application/octet-stream, this allows these files to be downloaded instead of attempting playback.

    • On Windows, the mouse pointer will disappear while typing if the relevant Windows mouse properties system setting is enabled.

    • Firefox is now available in the Santali (sat) language.

    check.6ae3794b67ae.svg

    Fixed

    • Fixed an issue causing unexpected jumps in scroll position on Facebook.

    • Various security fixes.

    Mozilla Foundation Security Advisory 2023-45

    Security Vulnerabilities fixed in Firefox 119

    11 Total:  3 High, 7 Moderate, 1 Low

    Announced
    October 24, 2023
    Impact
    high
    Products
    Firefox
    Fixed in
    • Firefox 119

    #CVE-2023-5721: Queued up rendering could have allowed websites to clickjack

    Reporter
    Kelsey Gilbert
    Impact
    high
    Description

    It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay.

    References

    #CVE-2023-5722: Cross-Origin size and header leakage

    Reporter
    annevk
    Impact
    moderate
    Description

    Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header.

    References

    #CVE-2023-5723: Invalid cookie characters could have led to unexpected errors

    Reporter
    Daniel Veditz
    Impact
    moderate
    Description

    An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors.

    References

    #CVE-2023-5724: Large WebGL draw could have led to a crash

    Reporter
    pwn2car
    Impact
    moderate
    Description

    Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash.

    References

    #CVE-2023-5725: WebExtensions could open arbitrary URLs

    Reporter
    Shaheen Fazim
    Impact
    moderate
    Description

    A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data.

    References

    #CVE-2023-5726: Full screen notification obscured by file open dialog on macOS

    Reporter
    Edgar Chen and Hafiizh
    Impact
    moderate
    Description

    A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.
    Note: This issue only affected macOS operating systems. Other operating systems are unaffected.

    References

    #CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows

    Reporter
    Marco Bonardo
    Impact
    moderate
    Description

    The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.
    Note: This issue only affected Windows operating systems. Other operating systems are unaffected.

    References

    #CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash.

    Reporter
    anbu
    Impact
    moderate
    Description

    During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash.

    References

    #CVE-2023-5729: Fullscreen notification dialog could have been obscured by WebAuthn prompts

    Reporter
    Shaheen Fazim
    Impact
    low
    Description

    A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack.

    References

    #CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4

    Reporter
    Jed Davis, Andrew McCreight, Randell Jesup, and the Mozilla Fuzzing Team
    Impact
    high
    Description

    Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

    References

    #CVE-2023-5731: Memory safety bugs fixed in Firefox 119

    Reporter
    Steve Fink, Stefan Arentz, and the Mozilla Fuzzing Team
    Impact
    high
    Description

    Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

    References

    • Like 1

    Malwarebytes Windows Firewall Control (WFC)

    in General Software and Security Updates

    Posted

    Malwarebytes Windows Firewall Control (WFC) 6.9.7.0 has been released. (20-October-2023)

    Homepage | Download | Change History | FAQ | User Guide | Support | Forum

    Announcement |

    Quote

    Windows Firewall Control v.6.9.7.0

    Change log:
    - Fixed: Cannot delete invalid rules located under C:\$WINDOWS.~BT folder.
    - Fixed: Adding multiple rules at once to the same group fails if the rules have no description set.
    - Fixed: Cannot create a duplicate of a temporary rule.
    - Fixed: Notifications are disabled after WFC restart and must be re-enabled again.
    - Fixed: When unchecking the 'Blocked connections' in Connections Log, the notifications still appear as enabled when they are, in fact, disabled.
    - Added back translations for Chinese, Dutch, Polish, since they were updated to the current version.

    Download location: https://binisoft.org/download/wfc6setup.exe
    SHA1: 00d42ce20765f920b575de3b090a871ec1178020
    SHA256: 4705777f045450023b739e9e87c73c9d53f158faf788fe720a23df8cf2d89280

    Thank you for your feedback and your support,
    Alexandru Dicu

    It appears that the major changes that were made in version 6.9.3.0 created some new bugs and also helped to discover older bugs. The first 3 fixed bugs from the changelog existed for many years ago.

     

    • Like 1

    #StopRansomware Guide

    in Security Software Updates

    Posted

    This document is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. This publication was developed through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) to ensure unity of effort in combating the growing threat of ransomware attacks. More...

     

     

     

    • Like 1

    OpenSSL

    in General Software and Security Updates

    Posted

    OpenSSL Announcement

    Quote

    New OpenSSL Releases

    Matt Caswell matt at openssl.org
    Tue Oct 17 17:48:26 UTC 2023

      

    The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.1.4 and 3.0.12.

These releases will be made available on Tuesday 24th October 2023
between 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in
each of these two releases is Moderate:

https://www.openssl.org/policies/secpolicy.html

Yours
The OpenSSL Project Team

     

    • Like 1

    Malwarebytes Windows Firewall Control (WFC)

    in General Software and Security Updates

    Posted · Edited by 1PW

    Note: It was later discovered that version 6.9.6.0 was also released on this same day but missed in this topic.

    Malwarebytes Windows Firewall Control (WFC) 6.9.5.0 has been released. (18-October-2023)

    Homepage | Download | Change History | FAQ | User Guide | Support | Forum

    Announcement |

    Quote

    Windows Firewall Control v.6.9.5.0
    Change log:
    - Fixed: Global hotkeys can't be set properly without restarting the software.
    - Improved: Uninstall dialog will now resize the content so that it displays the entire content in all languages.
    - Removed: Unmaintained language files were removed from the software.

    Download location: https://binisoft.org/download/wfc6setup.exe
    SHA1: da1a2207468f22704752956ab5871948e75b4c8a
    SHA256: 9d49fcb5f3e7bc05db4da11ebfc793d71699762a1015ddcd7db19141dba9d5d4

     

    • Like 1

    Malwarebytes Windows Firewall Control (WFC)

    in General Software and Security Updates

    Posted

    Malwarebytes Windows Firewall Control (WFC) 6.9.4.0 has been released. (17-October-2023)

    Homepage | Download | Change History | FAQ | User Guide | Support | Forum

    Announcement |

    Windows Firewall Control v.6.9.4.0

    Change log:
    - New: Added compatibility with Smart App Control from Windows 11. The process wfc.exe was renamed to wfcUI.exe.
    - Improved: Replaced WCF with GRPC for inter process communication. WFC requires now NET Framework 4.6.2 or a newer version.
    - Improved: Global hotkey which can toggle between Low and Medium profiles can now toggle between all profiles.
    - Improved: User settings are now applied per user account. Only the settings from Security tab are still global per machine.
    - Fixed: Main Panel opens multiple times if you press fast on the tray icon.
    - Fixed: Secure Boot is not enabling High Filtering profile if wfc.exe is not running.
    - Fixed: Installer does not work if there is a WCF related problem with .NET Framework installation.
    - Fixed: After a failed policy import, notifications are not displayed anymore and a program restart is required to re-enable them.
    - Fixed: Notification dialog becomes unresponsive if a program generates a lot of blocked connections.
    - Fixed: WFC service fails to start if EventLog service is unavailable.
    - Fixed: Shell Integration allows creating new firewall rules even if WFC is locked with a password.

    Due to the fact that this build uses GRPC instead of WCF, the minimum required .NET Framework version is now 4.6.2 instead of 4.5.

    Unfortunately, a clean install is required. You have to uninstall any previous version, select the third option in the uninstaller to keep the firewall rules, then install the new version while preserving the existing firewall rules.

    Updated language strings:
    310 = Toggle between filtering profiles
    501 = Use the shortcuts below to launch various system utilities

    Download location: https://binisoft.org/download/wfc6setup.exe
    SHA1: 068b9f7bc2870cb1609d714526779067942c20f7
    SHA256: 92965864dc52f619d4ba904bb26ac6a82efad62411ea7f3d7eeda4ee8a988cc7

    Thank you for your feedback and your support,
    Alexandru Dicu

    • Like 1

    Notepad++ Updates

    in General Software and Security Updates

    Posted

    Notepad++ 8.5.8 has been released. (17-October-2023)

    Download | News

    Notepad++ v8.5.8 Release:

    https://notepad-plus-plus.org/news/v858-released/

    Notepad++ v8.5.8 Change log:

    1. Fix “Clear Read-Only Flag” command not working immediately regression. (Fix #14138 )
    2. Fix saving files losing Alternate Data Stream issue. (Fix #1498 , #8451 , #8013 )
    3. Fix data loss issue due to no room on disk for saving. (Fix #5664 , #14089 )
    4. Add Win10/Win11 Restart-application feature. (Fix #9722 , #11721 , #11934 )
    5. Fix user created session being modified behaviour on exit. (Implement part 1 , part 2 , part 3 )
    6. Improve document list display performance. (Fix #13479 , #12632 )
    7. Update Scintilla to v5.3.7 & Lexilla to v5.2.7. (Fix #13991 , #14062 )
    8. fix unwanted Afrikaans installer language issue. (Fix #3844 , #7574 )
    9. Fix a crash issue while reading settings from cloud. (Fix #14131 )
    10. Fix security issue CVE-2022-31901. (Fix #13520 )
    11. Enhance non-saved search text’s persistence in Find dialog combobox while pressing arrow key. (Fix #14174 )
    12. Make auto-checking of Find InSelection configurable (resizable & can be disabled). (Fix #14108 , #13677 , #12639 )
    13. Perl enhancement: Update Stylers & the keywords for Perl v5.38. (Fix #14192 )
    14. Fix “Single Line Uncomment” uncommenting an extra line issue. (Fix #12829 )
    15. Fix “Next Bookmark” command not resetting current column issue. (Fix #14137 )
    16. Allow menu command Window->Windows to be assigned a shortcut. (Fix #14179 )
    17. Fix wrong categories in Shortcuts Mapper. (Fix #13285 )

    • Like 1

    cURL

    in General Software and Security Updates

    Posted

    cURL and libcurl 8.4.0 have been released. (11-October-2023)

    Download | News | Releaselogs | Changelog | Release Video |

    3 changes & 136 bugfixes.

    Fixed in 8.4.0 - October 11, 2023

    Changes:

    Bugfixes:

    • Like 1

    Mullvad Browser

    in General Software and Security Updates

    Posted

    Mullvad Browser 13.0 has been released. (13-October-2023)

    Changelog | Update: Auto-update or download.

    Changelog

    All Platforms

    • Updated Firefox to 115.3.1esr
    • Bug 40050: FF103 Audit [tor-browser-spec]
    • Bug 40051: FF104 Audit [tor-browser-spec]
    • Bug 40052: FF105 Audit [tor-browser-spec]
    • Bug 40053: FF106 Audit [tor-browser-spec]
    • Bug 40054: FF107 Audit [tor-browser-spec]
    • Bug 40055: FF108 Audit [tor-browser-spec]
    • Bug 40056: FF109 Audit [tor-browser-spec]
    • Bug 40057: FF110 Audit [tor-browser-spec]
    • Bug 40058: FF111 Audit [tor-browser-spec]
    • Bug 40059: FF112 Audit [tor-browser-spec]
    • Bug 40060: FF113 Audit [tor-browser-spec]
    • Bug 40061: FF114 Audit [tor-browser-spec]
    • Bug 40062: FF115 Audit [tor-browser-spec]
    • Bug 66: Localize Mullvad Browser [mullvad-browser]
    • Bug 166: Enable built-in URL anti-tracking query parameters stripping [mullvad-browser]
    • Bug 175: Change the default start window size from 1000x1000 [mullvad-browser]
    • Bug 177: Change help links in about:preferences and menu [mullvad-browser]
    • Bug 183: Rebase Mullvad Browser to Firefox 115 [mullvad-browser]
    • Bug 195: Choose which locales to translate Mullvad Browser to [mullvad-browser]
    • Bug 196: Enumerate Mullvad Browser-specific strings for localization [mullvad-browser]
    • Bug 199: Mullvad Browser changes required to use Mullvad Browser-specific localization strings [mullvad-browser]
    • Bug 208: Improve letterboxing's dimensions [mullvad-browser]
    • Bug 211: Change "Mullvad Browser Home" to "New tab" [mullvad-browser]
    • Bug 213: Add search engines to the default list [mullvad-browser]
    • Bug 214: Enable cross-tab identity leak protection in "quiet" mode [mullvad-browser]
    • Bug 215: Update re-adds manually removed default toolbar buttons [mullvad-browser]
    • Bug 218: uBO and Mullvad Browser Extension hidden in unified extensions panel [mullvad-browser]
    • Bug 220: "Firefox Suggest" string appears when search matches a bookmark [mullvad-browser]
    • Bug 223: Trademarks in the about popup are not translated [mullvad-browser]
    • Bug 226: First window after update should go to the user-friendly release page on GitHub [mullvad-browser]
    • Bug 228: Remove popup asking for preferred language on websites [mullvad-browser]
    • Bug 231: Fix the Security Level "read more" link in popup/settings panel [mullvad-browser]
    • Bug 243: Make sure about:mullvadbrowser is treated as a new tab page [mullvad-browser]
    • Bug 26277: When "Safest" setting is enabled searching using duckduckgo should always use the Non-Javascript site for searches [tor-browser]
    • Bug 30556: Re-evaluate letterboxing dimension choices [tor-browser]
    • Bug 33282: Increase the max width of new windows [tor-browser]
    • Bug 33955: Selecting "Copy image" from menu leaks the source URL to the clipboard. This data is often dereferenced by other applications. [tor-browser]
    • Bug 41327: Disable UrlbarProviderInterventions [tor-browser]
    • Bug 41477: Review some extensions.- preferences [tor-browser]
    • Bug 41496: Review 000-tor-browser.js and 001-base-profile.js for 115 [tor-browser]
    • Bug 41528: Hard-coded English "based on Mozilla Firefox" appears in version in "About" dialog [tor-browser]
    • Bug 41576: ESR115: ensure no remote calls for weather & addon suggestions [tor-browser]
    • Bug 41581: ESR115: figure out extension pinning / unified Extensions [tor-browser]
    • Bug 41642: Do not hide new PBM in the hamburger menu if auto PBM is not enabled [tor-browser]
    • Bug 41675: Remove javascript.options.large_arraybuffers [tor-browser]
    • Bug 41691: "Firefox Suggest" text appearing in UI [tor-browser]
    • Bug 41727: WebRTC privacy-hardening settings [tor-browser]
    • Bug 41739: Remove "Website appearance" [tor-browser]
    • Bug 41740: ESR115: change devicePixelRatio spoof to 2 in alpha for testing [tor-browser]
    • Bug 41752: Review changes done by Bug 41565 [tor-browser]
    • Bug 41765: TTP-02-006 WP1: Information leaks via custom homepage (Low) [tor-browser]
    • Bug 41774: Hide the new "Switching to a new device" help menu item [tor-browser]
    • Bug 41791: Copying page contents also puts the source URL on the clipboard [tor-browser]
    • Bug 41797: Lock RFP in release builds [tor-browser]
    • Bug 41833: Reload extensions on new identity [tor-browser]
    • Bug 41834: Hide "Can't Be Removed - learn more" menu line for uninstallable add-ons [tor-browser]
    • Bug 41874: Visual & A11 regressions in add-on badges [tor-browser]
    • Bug 41876: Remove Firefox View from title bar [tor-browser]
    • Bug 41877: NoScript seems to be blocking by default in the first 115-based testbuild [tor-browser]
    • Bug 41881: Developer tools/Network/New Request remembers requests [tor-browser]
    • Bug 41903: The info icon on the language change prompt is not shown [tor-browser]
    • Bug 41936: Review Mozilla 1770158: Use double-conversion library instead of dtoa for string-to-double conversion [tor-browser]
    • Bug 41937: Review Mozilla 1780014: Add specific telemetry for conservative and first-try handshakes [tor-browser]
    • Bug 41938: Review Mozilla 1769994: On systems with IPv6 preferred DNS resolution clients will fail to connect when "localhost" is used as host for the WebSocket server [tor-browser]
    • Bug 41939: Review Mozilla 1728871: Support fetching data from Remote Setting [tor-browser]
    • Bug 41940: Review Mozilla 1739348: When a filetype is set to "always ask" and the user makes a save/open choice in the dialog, we should not also open the downloads panel [tor-browser]
    • Bug 41941: Review Mozilla 1775254: Improve Math.pow accuracy for large exponents [tor-browser]
    • Bug 41943: Lock javascript.options.spectre.disable_for_isolated_content to false [tor-browser]
    • Bug 41945: Review Mozilla 1783019: Add a cookie banner service to automatically handle website cookie banners [tor-browser]
    • Bug 41946: Review Mozilla 1782579: Add a locale parameter to the text recognition API [tor-browser]
    • Bug 41947: Review Mozilla 1779005: Broken since Firefox 102.0: no instant fallback to direct connection when proxy became unreachable while runtime [tor-browser]
    • Bug 41949: Review Mozilla 1782578: Implement a context menu modal for text recognition [tor-browser]
    • Bug 41950: Review Mozilla 1788668: Add the possibility to check that the clipboard contains some pdfjs stuff [tor-browser]
    • Bug 41951: Review Mozilla 1790681: Enable separatePrivateDefault by default [tor-browser]
    • Bug 41959: Review Mozilla 1795944: Remove descriptionheightworkaround [tor-browser]
    • Bug 41961: Review Mozilla 1798868: Hide cookie banner handling UI by default [tor-browser]
    • Bug 41969: Review Mozilla 1746983: Re-enable pingsender2 [tor-browser]
    • Bug 41970: Review Mozilla 17909270: WebRTC bypasses Network settings & proxy.onRequest [tor-browser]
    • Bug 41973: Custom wingpanels don't line up with their toolbar icons in 13.0 alpha [tor-browser]
    • Bug 41981: Review Mozilla 1800675: Add about:preferences entry for cookie banner handling [tor-browser]
    • Bug 41983: Review Mozilla 1770447: Create a reusable "support-link" widget [tor-browser]
    • Bug 41984: Rename languageNotification.ftl to base-browser.ftl [tor-browser]
    • Bug 42013: Review Mozilla 1834374: Do not call EmptyClipboard() in nsBaseClipboard destructor [tor-browser]
    • Bug 42014: Review Mozilla 1832791: Implement a Remote Settings for the Quarantined Domains pref [tor-browser]
    • Bug 42015: Review Mozilla 1830890: Keep a history window of WebRTC stats for about:webrtc [tor-browser]
    • Bug 42019: Empty browser's clipboard on browser shutdown [tor-browser]
    • Bug 42022: Prevent extension search engines from breaking the whole search system [tor-browser]
    • Bug 42026: Disable cookie banner service and UI. [tor-browser]
    • Bug 42027: Create a Base Browser version of migrateUI [tor-browser]
    • Bug 42029: Defense-in-depth: disable non-proxied UDP WebRTC [tor-browser]
    • Bug 42037: Disable about:firefoxview [tor-browser]
    • Bug 42043: Disable gUM: media.devices.enumerate.legacy.enabled [tor-browser]
    • Bug 42046: Remove XUL layout hacks from base browser [tor-browser]
    • Bug 42050: Bring back Save As... dialog as default [tor-browser]
    • Bug 42061: Move the alpha update channel creation to a commit on its own [tor-browser]
    • Bug 42083: RemoteSecuritySettings.init throws error in console [tor-browser]
    • Bug 42084: Race condition with language preferences may make spoof_english ineffective [tor-browser]
    • Bug 42094: Disable media.aboutwebrtc.hist.enabled as security in-depth [tor-browser]
    • Bug 42138: Disable apz.overscroll.enabled pref [tor-browser]
    • Bug 42159: Responsive Design Mode not working correctly [tor-browser]
    • Bug 42166: New identity dialog missing accessible name [tor-browser]
    • Bug 42167: Make the preference auto-focus more reliable [tor-browser]
    • Bug 40893: Update (Noto) fonts for 13.0 [tor-browser-build]
    • Bug 40924: Customize MOZ_APP_REMOTINGNAME instead of passing --name and --class [tor-browser-build]
    • Bug 40937: First window after update should go to the user-friendly release page on GitHub [tor-browser-build]

    Windows

    • Bug 40737: Revert backout of Mozilla's fix for bug 1724777 [tor-browser]
    • Bug 41798: Stop building private_browsing.exe on Windows [tor-browser]
    • Bug 41806: Prevent Private Browsing start menu item to be added automatically [tor-browser]
    • Bug 41942: Review Mozilla 1682520: Use the WER runtime exception module to catch early crashes [tor-browser]
    • Bug 41944: Review Mozilla 1774083: Add Surrogate COM Server to handle native Windows notifications when Firefox is closed. [tor-browser]
    • Bug 42008: Review Mozilla 1808146: Copying images from Pixiv and pasting them in certain programs is broken [tor-browser]
    • Bug 42010: Review Mozilla 1810...

    • Thanks 1

    Tor Browser

    in General Software and Security Updates

    Posted

    The Tor Browser 13.0 (All Platforms) has been released. (12-October-2023)
    Tor Browser 13.0 is now available from the Tor Browser download page and also from our distribution directory.

    Blog/Announcement | Full Changelog

    Full changelog

    The full changelog since Tor Browser 12.5.6 is:

    • Like 2

    Macrium Reflect 8

    in General Software and Security Updates

    Posted · Edited by 1PW

    The free edition of Macrium Reflect 8 has been updated to 8.0.7690 for a security fix.

    Quote

    Security Update - CVE-2023-43896
    This update applies a security patch to psmounterex.sys. We advise you to install this release to ensure the security of your system.

    Autoupdate or download: 

    Version specific:  

Macrium Reflect Free Edition (v8.0.7783)

64-bit:
https://download.macrium.com/reflect/v8/v8.0.7783/reflect_setup_free_x64.exe

32-bit:
https://download.macrium.com/reflect/v8/v8.0.7783/reflect_setup_free_x86.exe


or version non-specific:

Macrium Reflect Free Latest Version 8 (64-bit)
https://updates.macrium.com/Reflect/v8/getmsi.asp?edition=0&type=99&arch=1&redirect=Y

Macrium Reflect Free Latest Version 8 (32-bit)
https://updates.macrium.com/Reflect/v8/getmsi.asp?edition=0&type=99&arch=0&redirect=Y

     

    The payware edition has also been updated with a similar security fix.

    • Thanks 2

    Chrome exe virus? Chrome using over 50% CPU and 75% memory

    in Resolved Malware Removal Logs

    Posted

    Hello @homeslice and welcome back:

    While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

    1. Download the Malwarebytes Support Tool.
    2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
    3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
    4. Run the MBST Support Tool.
    5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
    6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.  WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper.
    7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

    For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

    Thank you.

    Help Please, Blue Screen Twice Per Day!

    in Resolved Malware Removal Logs

    Posted

    Hello @medic54 and :welcome::

    While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

    1. Download the Malwarebytes Support Tool.
    2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
    3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
    4. Run the MBST Support Tool.
    5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
    6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.  WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper.
    7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

    For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

    Thank you.

    Firefox 126.0 release now available

    in Firefox

    Posted

    Version 118.0.2, first offered to Release channel users on October 10, 2023

    Fixed

    • Thanks 1

    Please someone help remove active malware in my PC

    in Resolved Malware Removal Logs

    Posted

    Hello @Dinesh6252 and welcome back:

    While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

    1. Download the Malwarebytes Support Tool.
    2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
    3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
    4. Run the MBST Support Tool.
    5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
    6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.  WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper.
    7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

    For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

    Thank you.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.