[Bitwarden Password Manager]

 

Bitwarden | Home Page | Download | FAQ | Release Notes |

The Bitwarden Desktop Edition 2024.3.2 has been released. (08-April-2024)

Release notes & downloads for all editions

Quote

Bug fixes and small improvements

[Does Malwarebytes detect the NSO group Pegasus Spyware?]

Malwarebytes has known about Pegasus for years.

https://www.malwarebytes.com/blog/news/2021/07/pegasus-spyware-has-been-here-for-years-we-must-stop-ignoring-it

 

[7-Zip]

 

7-Zip | Homepage | Downloads | History | FAQs | Support | Links | Forum |

The latest version of 7-Zip is v24.04 released on 05-April-2022.

Quote

24.04          2024-04-05
-------------------------
- New menu item in 7-Zip File Manager: “Tools / Delete Temporary Files...”.
  This menu item opens a window showing temporary folders and files
  created by 7-Zip in the user's “Temp” folder on a Windows system. 
  In this window, the user can delete temporary files.


24.03          2024-03-23
-------------------------
- 7-Zip now can use new RISCV filter for compression to 7z and xz archives.
  RISCV filter can increase compression ratio for data containing executable
  files compiled for RISC-V architecture.
- The speed for LZMA and LZMA2 decompression in ARM64 version for Windows
  was increased by 20%-60%.
- 7-Zip GUI and 7-Zip File Manager can ask user permission to unpack RAR archives that
  require big amount of memory, if the dictionary size in RAR archive is larger than 4 GB.
- new switch -smemx{size}g : to set allowed memory usage limit for RAR archive unpacking.
  RAR archives can use dictionary up 64 GB. Default allowed limit for RAR unpacking is 4 GB.
- 7zg.exe (7-Zip GUI): -y switch disables user requests and messages.
- 7-Zip shows hash methods XXH64 and BLAKE2sp in context menu.
- -slmu switch : to show timestamps as UTC instead of LOCAL TIME.
- -slsl switch : in console 7-Zip for Windows : to show file paths with 
  linux path separator slash '/' instead of backslash separator '\'.
- 7-Zip supports .sha256 files that use backslash path separator '\'.
- Some bugs were fixed.


24.01          2024-01-31
-------------------------
- 7-Zip now can unpack ZSTD archives (.zst filename extension).
- 7-Zip now can unpack ZIP, SquashFS and RPM archives that use ZSTD compression method.
- 7-Zip now supports fast hash algorithm XXH64 that is used in ZSTD.
- 7-Zip now can unpack RAR archives (that use larger than 4 GB dictionary) created by new WinRAR 7.00.
- 7-Zip now can unpack DMG archives that use XZ (ULMO/LZMA) compression method.
- 7-zip now can unpack NTFS images with cluster size larger than 64 KB.
- 7-zip now can unpack MBR and GDP images with 4 KB sectors.
- Speed optimizations for archive unpacking: rar, cab, wim, zip, gz.
- Speed optimizations for hash caclulation: CRC-32, CRC-64, BLAKE2sp.
- The bug was fixed: 7-Zip for Linux could fail for multivolume creation in some cases.
- Some bugs were fixed.

 

[Firefox 125.0.2 release now available]

Version 124.0.2, first offered to Release channel users on April 2, 2024

Quote

Fixed

• Fixed an issue where users with numerous bookmarks would be unable to restore a bookmarks backup. (Bug 1884308)

• Fixed an issue that would cause open Firefox windows to go blank or crash during video playback on sites such as Netflix. (Bug 1883932)

• Fixed a crash that affected Linux AArch64 builds.(Bug 1866396)

• Fixed an issue where some users experienced difficulties loading webpages due to changes made to the default AppArmor configuration shipping in Ubuntu 24.04. (Bug 1884347)

 

 

[Bitwarden installer possible false positive]

https://www.virustotal.com/gui/file/2954cf74cf13fb101c6b7b604cf35f25ecc7b9c55b07af4867c8da4d60256d45

 

[uBlock Origin (uBO)]

uBO 1.57.0 was released on 29-March-2024.

Download: Autoupdate or install from the browser's Add-ons source.

Announcement, Release Notes & Downloads |

Quote

Fixes / changes

• Do not block large media resources when loaded as top-level document
• Properly manage cache storage regarding managed user filters
• Improve [trusted-]set-cookie scriptlets
• Fixed Belgian and Nepali flags for Windows Chromium users (by @DandelionSprout)
• Mind that tabs.sendMessage can throw
• Improve set-cookie scriptlet
• Append wildcard character only when filter starts & ends with /
• Fix failure to create popup logger window sometimes
• Improve json-prune-related scriptlets
• Support maximizing editor to viewport size
• Add advanced setting to force popup panel orientation
• Add checkboxes to “My filters” pane
• Assume UTF-8 when no encoding can be looked up
• Fix issue with “My filters” pane on mobile
• Support aborting “Pick” mode in element picker
• Remove sections with no lists in “Filter lists” pane
• Add “Social widgets”, “Cookie notices” sections in “Filter lists” pane
• No longer disable generic cosmetic filters by default on mobile
• Improve spoof-css scriptlet
• Make asset updater compatible with non-persistent background page
• Move dragbar to the top of element picker dialog
  • Move “Quit” button to top bar in element picker
• Add advanced setting requestStatsDisabled
• First lookup matching stock lists when importing URLs
• Reset filter lists in worker when creating filters via “Block element”
• Remove trusted-source requirement when using badfilter
• Redesign cache storage
• Don't match network filter-derived regexes against non-network URIs
• Remove obsolete trusted directives
• Support logging details of calls to json-prune-fetch-response
• Escape special whitespace characters in attribute values

 

 

[Tor Browser]

Hello @TonyVerdoon:

Although Malwarebytes staffers may further investigate the possible false positive, it appears as if that computer's Tor Browser is four (4) versions behind in updates. Please consider updating to version 13.0.13 which will update its Firefox to 115.9.1esr.

Furthermore, please update Malwarebytes 4 for Windows (MB4) to General Availability (GA) version 4.6.11.320-1.0.2302, followed by a check of the Update package version for the latest.

Then please follow with Windows 10 restart and a new MB4 Threat Scan and reply to this topic with the scan results.

Thank you.

[Copilot has been banned for use by US House staff members, at least for now]

Quote

A new report states that the US House of Representatives has blocked the use of Microsoft's Copilot generative AI assistant by its staff members. The report comes from Axios, which says that it got to see the new guidance that was sent to House staff members about Copilot.

More…

 

[Notepad++ Updates]

Notepad++ | Homepage | Downloads, Hashes & Bug-Fixes | News | Resources | Wiki | FAQ | User Manual | Forum |

v8.6.5 was released. (30-March-2024)

Notepad++ v8.6.5 bug-fixes & enhancements:

1. Fix “Replace All” action not notifying plugins of modification regression by adding NPPN_GLOBALMODIFIED. (Fix #14767, see NPPN_GLOBALMODIFIED how to)
2. Fix plugins not receiving some Scintilla notification types regression. (Fix issue)
3. Fix Shortcut Mapper potential crash problem. (Implement #14880)
4. Fix period backup potential crash due to the deadlock. (Fix #14906)
5. Fix NULL characters file corruption after power outrages. (Fix #6133, implement #14860)
6. Remedy losing session problem after the power outrages. (Fix #14781, implement #14858)
7. Fix URLs are not detected after a “Replace All” regression. (Fix #14864)
8. Notify user while saving failure due to hardware problem. (Implement #14842)
9. Update to scintilla 5.4.3 (from 5.4.1) & Lexilla 5.3.1. (Implement #14834)
10. Support template literals (template strings) in JavaScript & make `back-quoted strings` more readable. (Fix #3822)
11. Add support for Change History in the text, besides in the margin. Also, make Change History color configurable. (Fix #12321, #13915, Implement #14838)
12. Fix NPPM_RELOADFILE API return wrong result issue. (Fix issue)
13. Enhance the Shortcut Mapper filter to find the command items more easily. (Fix #14743)
14. Prevent typing control characters into document & make it optional. (Fix #13279)
15. Fix possible no-GUI state when using systray. (Fix #14777)
16. Make context menu popup location at current text position when invoked via keyboard. (Fix #14727)
17. Fix Notepad++ blocked when closed, minimized or from systray. (Fix #14718)
18. Fix Mouse Wheel Scrolling in Shortcut Mapper & reduce also the memory use. (Fix #14895)
19. Fix Python wrong decorator attribute colors & add “ATTRIBUTE” color in styles.xml.model. (Fix #5894)

[false alarm of QQLive]

Google translation from Chinese (Traditional) to English:

Quote

Malwarebytes
www.malwarebytes.com

-Record details-
Protection event date: 2024/3/29
Protection event time: 7:40 AM
Log file: 7e88acf8-ed5c-11ee-a492-f0b61e439ae9.json

-Software information-
Version: 4.6.11.320
Component version: 1.0.2302
Update package version: 1.0.82720
License: Premium version

-System Information-
Operating system: Windows 11 (Build 22621.3296)
CPU: x64
File system: NTFS
User: System

-Blocked website details-
Malicious websites: 1
, C:\Program Files (x86)\Tencent\QQLive\QQLive.exe, blocked, -1, -1, 0.0.0, ,

-Website information-
Category: Crack
Domain:
IP address: 220.174.210.68
Port: 15937
Type: consecutive
File: C:\Program Files (x86)\Tencent\QQLive\QQLive.exe

(end)

Attribution: https://translate.google.com/

[LibreOffice]

The latest Fresh Branch 24.2.2.2 has been released. (28-March-2024)

The latest Still Branch 7.6.6.3 has been released. (28-March-2024)

Announcement | Release Notes | Fresh & Still Branch Downloads | Blog |

Quote

24.2.2

Installation

Windows

• LibreOffice 24.2 will require Windows 7 or newer

New Features

An in-progress list of features for this version is available here.

Reported Bugs

A list of annoying bugs still contained in this version is available from Bugzilla. On the other hand, the list of annoying bugs fixed in this version is available from Bugzilla. the full list of reported bugs is here.

Collaborators

The full list of people who have collaborated in this release is here.

List of fixed bugs

Bugs fixed compared to 24.2.2 RC1:

1. tdf#152524 macOS: LibreOffice crashes (gpgme / gpgmeio) on macOS 13 Ventura [Patrick Luby]
2. tdf#157241 Freeze when removing table [Michael Stahl]
3. tdf#158783 editing alphabetical index crashes Writer [Armin Le Grand (allotropia)]
4. tdf#159373 Crash in: ScTable::HasAttrib(short,long,short,long,HasAttrFlags) [Julien Nabet]
5. tdf#159730 RTF table split document layout [Oliver Specht]
6. tdf#159915 LibreOffice scaled incorrectly when running with KF6 or Qt6 VCL on Wayland [Michael Weghorn]
7. tdf#159931 Exported pptx cannot be opened in PowerPoint because a referenced part does not exist [Sarper Akdemir]
8. tdf#159996 Dialogs editor don't show controls correctly [Patrick Luby]
9. tdf#160036 Selection invisible in a11y High Contrast modes with SKIA/Raster, Skia/Vulkan unaffected [Patrick Luby]
10. tdf#160095 CRASH: using ALT+RETURN twice [Julien Nabet]
11. tdf#160117 Conditional formatting handling bug in Calc 24.2 with different but overlapping ranges [Mike Kaganski]
12. tdf#160149 CRASH: undoing conditional format [Mike Kaganski]
13. tdf#160180 About box for 24.2 has out of date copyright year [Julien Nabet]

Translations

This build contains these translation updates: [1]. See credits for each language.

7.6.6

Installation

Windows

• LibreOffice 7.6 will require Windows 7 or newer

New Features

An in-progress list of features for this version is available here.

Reported Bugs

A list of annoying bugs still contained in this version is available from Bugzilla. On the other hand, the list of annoying bugs fixed in this version is available from Bugzilla. the full list of reported bugs is here.

Collaborators

The full list of people who have collaborated in this release is here

List of fixed bugs

Bugs fixed compared to 7.6.5 RC2:

1. tdf#101313 Copy-paste a Table With Merged Cells from Writer to Calc: Cells Placed in Wrong Position (Wrong cell offsets) [Noel Grandin]
2. tdf#131550 Notifications bloating the UI [Heiko Tietze]
3. tdf#147731 Crash in SwFrameFormat::~SwFrameFormat() [Michael Stahl]
4. tdf#155663 FILEOPEN RTF Image crop not imported [Michael Stahl]
5. tdf#155961 cannot access the controls close to vertical scrollbar [Caolán McNamara]
6. tdf#156830 FILEOPEN PPTX: background image shifts down in presentation mode [Sarper Akdemir]
7. tdf#157135 LibreOffice 7.6 stalls/crashes under Windows 11 with Norwegian (Bokmål) locale when opening file dialog [Mike Kaganski]
8. tdf#157158 [UI] Comment arrow drop down is white/light grey when in dark mode [Xisco Fauli]
9. tdf#158044 RTF import paragraph style attribute handling wrong [Oliver Specht]
10. tdf#158326 FILTER autofilter seems to convert ß in ss and ignores value [Andreas Heinisch]
11. tdf#158360 [CRASH] LibreOffice crashes after editing, closing and trying to reopen DOCX file [Balazs Varga]
12. tdf#158586 FILEOPEN RTF: missing page break [Michael Stahl, Justin Luth]
13. tdf#158597 FILEOPEN DOCX Numbering in specific file is unexpectedly bold [Michael Stahl]
14. tdf#158826 FILEOPEN RTF Floating table with image creates unexpected page break [Justin Luth]
15. tdf#158947 Pasting clipboard contents is not possible under certain circumstances with Wayland [Michael Weghorn]
16. tdf#158983 FILEOPEN: RTF: 2 page table is displayed in one page [Michael Stahl]
17. tdf#159015 HANG: scrolling after opening file [Michael Stahl]
18. tdf#159107 Removing row in footnote's floating table removes whole table (track changes on but not visible) [Miklos Vajna]
19. tdf#159350 Hiding Options dialog tabpages stopped working [Noel Grandin]
20. tdf#159420 EDITING Autofilter for empty cells disabled when by Autofilter in other column empty cells filtered out [Xisco Fauli]
21. tdf#159453 Importing DOCX: Position of frame has gone [Miklos Vajna]
22. tdf#159502 missing XML2 version [Michael Stahl]
23. tdf#159566 SVG import: mis-positioned text for specific file [Xisco Fauli]
24. tdf#159641 TreeView does not repaint correctly while scrolling with PgUp in kf5/gen [Noel Grandin]
25. tdf#159666 Crash when table and line object are selected at the same time [Xisco Fauli]
26. tdf#159730 RTF table split document layout [Oliver Specht]
27. tdf#159735 Crash when using APSO extension and closing LibreOffice [Michael Weghorn]
28. tdf#159813 Assertion failed when dragging-and-dropping text [Mike Kaganski]
29. tdf#159816 Crash in drag-n-drop of multiple paragraphs with a bookmark [Mike Kaganski]
30. tdf#159854 Trigger text is black on dark grey in Animation sidebar deck (dark mode) [Caolán McNamara]
31. tdf#159908 LibreOffice crashes when using a constant as a loop variable in BASIC code, leading to data loss. [Mike Kaganski]
32. tdf#159955 When using a custom page number in Writer, the custom page number and the actual sum of pages are switched in the sidebar [Julien Nabet]
33. tdf#160003 Copying a sheet with chart and pasting to other document's sheet with a different name looses chart [Regina Henschel]

Translations

This build contains these translation updates: [1]. See credits for each language.

[Wireshark]

Wireshark Announcement / News stable version 4.2.4 has been released. (27-March-2024)

Autoupdate or Download | Release Notes |

What’s New

Bug Fixes
If you are upgrading to Wireshark 4.2.0 or 4.2.1 on Windows, you will need to download and install Wireshark 4.2.4 or later by hand.

The following vulnerabilities have been fixed:

[*]wnpa-sec-2024-06 T.38 dissector crash. Issue 19695. CVE-2024-2955.

Additionally, CVE-2024-24478, CVE-2024-24479, and CVE-2024-24476 were recently assigned to Wireshark without any coordination with the Wireshark project. As far as we can determine, each one is based on invalid assumptions and we have requested that they be rejected.

The following bugs have been fixed:

[*]Extcap with configuration never starts; “Configure all extcaps before start of capture.” is shown instead. Issue 18487.

• Packet Dissection CSV Export includes last column, even if hidden. Issue 19666.

  
  

• Inject TLS secrets closes Wireshark on Windows. Issue 19667.

  
  

• Fuzz job issue: fuzz-2024-02-27-7196.pcap. Issue 19674.

  
  

• Wireshark crashes when adding another port to the HTTP dissector. Issue 19677.

  
  

• Fuzz job issue: fuzz-2024-03-03-7204.pcap. Issue 19685.

  
  

• Fuzz job issue: randpkt-2024-03-05-8004.pcap. Issue 19688.

  
  

• When adding a new row to a table, an error report may be inserted. Issue 19705.

  
  

• '--export-objects' does not work as expected on tshark version later than 3.2.10. Issue 19715.

  
  

• Fuzz job issue: fuzz-2024-03-21-7215.pcap. Issue 19717.
  

New and Updated Features
There are no new or updated features in this release.

New Protocol Support
There are no new protocols in this release.

Updated Protocol Support
5GLI, 6LoWPAN, AFP, AllJoyn, AMQP, ASAP, Babel, BACnet, Banana, BEEP, Bencode, BFCP, BGP, BT BNEP, BT SDP, BT-DHT, BVLC, CFLOW, CIP, CMIP, CMP, COROSYNC/TOTEMSRP, COSE, CQL, CSN.1, DAP, DCCP, DCOM, DHCPv6, DICOM, DISP, DOCSIS MAC MGMT, DOF, DVB-S2, E2AP, EDONKEY, ENRP, ErlDP, Etch, EXTREME MESH, FC-SWILS, GIOP, GLOW, GNW, GOOSE, GQUIC, Gryphon, GSM A-bis OML, GSUP, GTPv2, H.223, H.225.0, H.245, H.248, H.264, H.265, HSMS, ICMPv6, ICQ, IEEE1609dot2, IPP, IPPUSB, ISAKMP, iSCSI, ISIS LSP, ISO 7816, ISUP, ITS, JSON 3GPP, JXTA, Kafka, KINK, KNX/IP, LDAP, LDP, LISP, LISP TCP, LLRP, LwM2M-TLV, M2UA, M3UA, MAC-LTE, MBIM, MMS, MONGO, MPEG PES, MPLS Echo, MQ PCF, MQTT-SN, MS-WSP, MSDP, MsgPack, NAS-5GS, NETLINK, NHRP, OpenFlow, OpenWire, OPSI, OSC, P22, P7, PANA, PIM, PNIO, ProtoBuf, PROXY, Q.2931, QNET, RDP, RESP, RPL, RSL, RSVP, RTLS, RTMPT, RTPS, S7COMM, SCTP, SIMULCRYPT, SMB2, SML, SNA, SNMP, Socks, SolarEdge, SOME/IP, SoulSeek, SUA, T.38, TCAP, TEAP, TFTP, Thread, Thrift, TN5250, USBHID, USBVIDEO, VP9, WASSP, WiMAX ASN CP, WLCCP, WTP, X.509IF, X.509SAT, XML, XMPP, YAMI, Z39.50, and ZigBee ZCL

New and Updated Capture File Support
There is no new or updated capture file support in this release.

Updated File Format Decoding Support
BLF, JPEG, and RBM

[cURL]

 

cURL and libcurl 8.7.1 have been released. (27-March-2024)

Website | Download | News | Releaselogs | Changelog | Video Presentations | Documentation |

Fixed in 8.7.1 - March 27, 2024

8.7.1

Bugfixes:

• Fixed empty tool_hugehelp.c file

[cURL]

 

cURL and libcurl 8.7.0 have been released. (27-March-2024)

Website | Download | News | Releaselogs | Changelog | Video Presentations | Documentation |

Fixed in 8.7.0 - March 27, 2024

Changes:

• configure: add --disable-docs flag
• CURLINFO_USED_PROXY: return bool whether the proxy was used
• digest: support SHA-512/256
• DoH: add trace configuration
• write-out: add '%{proxy_used}'

Bugfixes:

• ALTSVC.md: correct a typo
• asyn-ares: fix data race warning
• asyn-thread: use wakeup_close to close the read descriptor
• badwords: use hostname, not host name
• BINDINGS: add mcurl, the python binding
• bufq: writing into a softlimit queue cannot be partial
• c-hyper: add header collection writer in hyper builds
• cd2nroff: gen: make `\>` in input to render as plain '>' in output
• cd2nroff: remove backticks from titles
• checksrc.pl: fix handling .checksrc with CRLF
• cmake: add USE_OPENSSL_QUIC support
• cmake: add warning for using TLS libraries without 1.3 support
• cmake: enable `ENABLE_CURL_MANUAL` by default
• cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled
• cmake: fix function description in comment
• cmake: fix install for older CMake versions
• cmake: fix libcurl.pc and curl-config library specifications
• cmdline-docs/Makefile: avoid using a fixed temp file name
• cmdline-docs: quote and angle bracket cleanup
• cmdline-opts/_EXITCODES: sync with libcurl-errors
• cmdline-opts/_VARIABLES.md: improve the description
• cmdline-opts/_VERSION: provide %VERSION correctly
• cmdline-opts: shorter help texts
• configure: add pkg-config support to rustls detection
• configure: add warning for using TLS libraries without 1.3 support
• configure: build & install shell completions when enabled
• configure: do not link with nghttp3 unless necessary
• configure: Don't build shell completions when disabled
• configure: Don't make shell completions without perl
• configure: find libpsl with pkg-config
• connect.c: fix typo
• CONTRIBUTE: update the section on documentation format
• cookie.md: provide an example sending a fixed cookie
• cookie: if psl fails, reject the cookie
• curl: exit on config file parser errors
• curl: make --libcurl output better CURLOPT_*SSLVERSION
• curl: when allocating variables, add the name into the struct
• curl_setup.h: add curl_uint64_t internal type
• curldown: fix email address in Copyright
• CURLMOPT_MAX*: mention what happens if changed mid-transfer
• CURLOPT_INTERFACE.md: remove spurious amp, add see-also
• CURLOPT_POSTQUOTE.md: fix typo
• CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return
• CURLOPT_WRITEFUNCTION.md: typo fix
• digest: add check for hashing error
• dist: make sure the http tests are in the tarball
• DISTROS: add document with distro pointers
• docs/libcurl: add TLS backend info for all TLS options
• docs/libcurl: generate PROTOCOLS from meta-data
• docs: add missing slashes to SChannel client certificate documentation
• docs: add necessary setup for nghttp3
• docs: ascii version of manpage without nroff
• docs: dist curl*.1 and install without perl
• docs: make curldown do angle brackets like markdown
• docs: make each libcurl man specify protocol(s)
• docs: make sure curl.1 is included in dist tarballs
• docs: update minimal binary size in INSTALL.md
• docs: use present tense
• examples: use present tense in comments
• file: use xfer buf for file:// transfers
• fopen: fix narrowing conversion warning on 32-bit Android
• form-string.md: correct the example
• ftp: do lineend conversions in client writer
• ftp: fix socket wait activity in ftp_domore_getsock
• ftp: tracing improvements
• ftp: treat a 226 arriving before data as a signal to read data
• gen.pl: make the "manpageification" faster
• gen: make `\>` in input to render as plain '>' in output
• getparam: make --ftp-ssl work again
• GHA/linux: add sysctl trick to work-around GitHub runner issue
• GIT-INFO: convert to markdown
• GOVERNANCE: document the core team
• header.md: remove backslash, make nicer markdown
• HTTP/2: write response directly
• http2, http3: return CURLE_PARTIAL_FILE when bytes were received
• http2: fix push discard
• http2: memory errors in the push callbacks are fatal
• http2: minor tweaks to optimize two struct sizes
• http2: push headers better cleanup
• http2: remove the third (unused) argument from http2_data_done()
• HTTP3.md: adjust the OpenSSL QUIC install instructions
• http: better error message for HTTP/1.x response without status line
• http: improve response header handling, save cpu cycles
• http: move headers collecting to writer
• http: remove stale comment about rewindbeforesend
• http: separate response parsing from response action
• http_chunks: fix the accounting of consumed bytes
• http_chunks: remove unused 'endptr' variable
• https-proxy: use IP address and cert with ip in alt names
• hyper: implement unpausing via client reader
• ipv6.md: mention IPv4 mapped addresses
• KNOWN_BUGS: POP3 issue when reading small chunks
• lib1598: fix `CURLOPT_POSTFIELDSIZE` usage
• lib582: remove code causing warning that is never run
• lib: add `void *ctx` to reader/writer instances
• lib: convert Curl_get_line to use dynbuf
• lib: Curl_read/Curl_write clarifications
• lib: enhance client reader resume + rewind
• lib: initialize output pointers to NULL before calling strto[ff,l,ul]
• lib: keep conn IP information together
• lib: move 'done' parameter to SingleRequests
• lib: remove curl_mimepart object when CURL_DISABLE_MIME
• libcurl-docs: cleanups
• libcurl-security.md: Active FTP passes on the local IP address
• libssh/libssh2: return error on too big range
• MANUAL.md: fix typo
• mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined
• mbedtls: fix pytest for newer versions
• mbedtls: properly cleanup the thread-shared entropy
• mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version
• md4: include strdup.h for the memdup proto
• mime: add client reader
• misc: fix typos in docs and lib
• mkhelp: simplify the generated hugehelp program
• mprintf: fix format prefix I32/I64 for windows compilers
• multi: add xfer_buf to multi handle
• multi: fix multi_sock handling of select_bits
• multi: make add_handle free any multi_easy
• ngtcp2: no recvbuf for stream
• ntml_wb: fix buffer type typo
• OpenSSL QUIC: adapt to v3.3.x
• openssl-quic: check on Windows that socket conv to int is possible
• openssl-quic: fix BIO leak and Windows warning
• openssl-quic: fix unity build, casing, indentation
• OS400: avoid using awk in the build scripts
• paramhlp: fix CRLF-stripping files with "-d @file"
• proxy1.0.md: fix example
• pytest: adapt to API change
• request: clarify message when request has been sent off
• rustls: make curl compile with 0.12.0
• schannel: fix hang on unexpected server close
• scripts: fix cijobs.pl for Azure and GHA
• sendf: ignore response body to HEAD
• setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
• setopt: fix disabling all protocols
• sha512_256: add support for GnuTLS and OpenSSL
• smtp: fix STARTTLS
• SPONSORS: describe the basics
• strtoofft: fix the overflow check
• test 1541: verify getinfo values on first header callback
• test1165: improve pattern matching
• tests: support setting/using blank content env variables
• TIMER_STARTTRANSFER: set the same for everyone
• TLS: start shutdown only when peer did not already close
• TODO: update 13.11 with more information
• tool_cb_hdr: only parse etag + content-disposition for 2xx
• tool_getparam: accept a blank -w ""
• tool_getparam: handle non-existing (out of range) short-options
• tool_operate: change precedence of server Retry-After time
• tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds
• trace-config.md: remove the mutexed options list
• transfer.c: break receive loop in speed limited transfers
• transfer: improve Windows SO_SNDBUF update limit
• urldata: move authneg bit from conn to Curl_easy
• version: allow building with ancient libpsl
• vquic-tls: fix the error code returned for bad CA file
• vtls: fix tls proxy peer verification
• vtls: revert "receive max buffer" + add test case
• VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
• websocket: fix curl_ws_recv()
• wolfSSL: do not call the stub function wolfSSL_BIO_set_init()
• write-out.md: clarify error handling details

[Tails]

 

Tails 6.1 (stable) has been released. (27-March-2024)
Home | Downloads | Hashes | Changelog | Documentation | Support | FAQ | Known issues | News |

Tails 6.1 2024-03-27

Changes and updates

• Update Tor Browser to 13.0.13. This includes the changes brought by 13.0.12.

• Update Thunderbird to 115.9.0.

Fixed problems

• Fix Onion Circuits. #20233

• Fix Welcome Screen, frequently showing a “Welcome to Tails!” is not responding error. #20236

• Fix Videos showing an error message during playback. #20243

• Fix problems with changing the passphrase of the Persistent Storage. #20217

• Tails Cloner can now install and upgrade to devices with multiple mounted partitions. #20149

• The Persistent Storage settings now display all enabled custom Persistent Storage features. #19267

• Mitigate the RFDS Intel CPU vulnerabilities. #20274

For more details, read our changelog.

[Malwarebytes Browsis not updated to the latest version in the mozilla store]

Hello @leo3487:

Understanding the risks of installing self-hosted extensions

 

How would a defense be mounted against the world's bad actors?

Mozilla's .xpi (PK) files (browser extension installer) do not have compulsory digital signing, nor bear an X.509 certificate.

It is not widely known if 3rd party authored .xpi files can be otherwise verified for integrity.

Can a downloaded .xpi file defend against a MITM attack? No.

Can a .xpi file be subjected to packing, crypting, obfuscating or other alterations without detection by Firefox? Yes.

HTH

CC: @David H. Lipman

[Tor Browser]

The Tor Browser 13.0.12 (All Platforms) has been released. (19-March-2024)
Tor Browser 13.0.12 is now available from the Tor Browser download page and also from our distribution directory.

Blog/Announcement | Full Changelog |

Quote

The Tor Project has recently been notified of a potential fingerprinting vulnerability with automatic Onion-Location redirects. In an abundance of caution, we have removed the 'prioritize .onion sites when known' option from Tor Browser. We are looking further into this issue and will provide timely updates as more research and additional recommendations become available.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 13.0.11 is:

• All Platforms
  • Updated Snowflake to 2.9.2
  • Bug tor-browser#42376: The placeholder of datetime inputs keeps being localized when spoof English is on
  • Bug tor-browser#42378: spoof English + htmlform <details> can leak app language
  • Bug tor-browser#42444: Remove the “Prioritize .onion sites when known” option
  • Bug tor-browser#42448: Rebase Tor Browser stable onto Firefox 115.9.0esr
  • Bug tor-browser#42459: Add startpage onion service to list of search providers
  • Bug tor-browser-build#41105: Bump version of snowflake to v2.9.2
• Windows + macOS + Linux
  • Updated Firefox to 115.9.0esr
• Windows
  • Bug tor-browser#42377: Hidden fonts are automatically added to the allow list
• Android
  • Updated GeckoView to 115.9.0esr
  • Bug tor-browser#42407: TTP-03-010 WP3: Potential phishing
• Build System
  • All Platforms
    • Updated Go to 1.21.8
    • Bug tor-browser-build#41102: src archive does not match, likely due to mismatched xz-utils version

 

[Bruce Schneier's Crypto-Gram]

Schneier on Security, 15-March-2024

Quote

In this issue:

1. On the Insecurity of Software Bloat
2. European Court of Human Rights Rejects Encryption Backdoors
3. Microsoft Is Spying on Users of Its AI Tools
4. Details of a Phone Scam
5. New Image/Video Prompt Injection Attacks
6. AIs Hacking Websites
7. Apple Announces Post-Quantum Encryption Algorithms for iMessage
8. China Surveillance Company Hacked
9. A Cyber Insurance Backstop
10. How the “Frontier” Became the Slogan of Uncontrolled AI
11. NIST Cybersecurity Framework 2.0
12. LLM Prompt Injection Worm
13. The Insecurity of Video Doorbells
14. Surveillance through Push Notifications
15. How Public AI Can Strengthen Democracy
16. A Taxonomy of Prompt Injection Attacks
17. Essays from the Second IWORD
18. Using LLMs to Unredact Text
19. Jailbreaking LLMs with ASCII Art
20. Burglars Using Wi-Fi Jammers to Disable Security Cameras
21. Automakers Are Sharing Driver Data with Insurers without Consent

 

[Mullvad Browser]

Mullvad Browser 13.0.12 has been released. (19-March-2024)

Blog | Changelog | Update: Auto-update or download.

Quote

Mullvad Browser 13.0.12 Latest

 

 

All Platforms

• Updated Firefox to 115.9.0esr
• Updated Mullvad-Browser-Extension to 0.9.0
• Updated uBlock Origin to 1.56.0
• Mullvad support email has changed from support@mullvad.net to support@mullvadvpn.net [mullvad-browser]
• Rebase Mullvad Browser stable onto Firefox 115.9.0esr [mullvad-browser]
• The placeholder of datetime inputs keeps being localized when spoof English is on [tor-browser]
• spoof English + htmlform <details> can leak app language [tor-browser]

Windows

• Hidden fonts are automatically added to the allow list [tor-browser]

Build System

All Platforms

• kick_devmole_build script prints wrong URL for Mullvad's build hashes [tor-browser-build]
• authenticode-timestamping.sh fails to run again because tmp-timestamp already exists [tor-browser-build]
• src archive does not match, likely due to mismatched xz-utils version [tor-browser-build]

 

[Firefox 125.0.2 release now available]

Version 124.0, first offered to Release channel users on March 19, 2024

Quote

New

• Caret browsing mode now also works in the PDF viewer. (Learn more)

• In Firefox View, open tabs can now be sorted by either recent activity or tab order. Recent activity is the default setting.

• Firefox now populates the Windows taskbar jump list more efficiently, which should allow for a smoother overall browsing experience.

• Firefox on Mac now uses the macOS fullscreen API for all types of fullscreen windows. This should better match the expected macOS user experience for fullscreen spaces, menubar and the Dock.

• As of Firefox 124, Qwant's availability has been expanded to all languages in the France region along with Belgium, Italy, Netherlands, Spain, and Switzerland.

Fixed

• Various security fixes.

Quote

Mozilla Foundation Security Advisory 2024-12

Security Vulnerabilities fixed in Firefox 124

Announced
    March 19, 2024
Impact
    high
Products
    Firefox
Fixed in

        Firefox 124

#CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector

Reporter
    goodbyeselene
Impact
    high

Description

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.
References

    Bug 1872920

#CVE-2024-2606: Mishandling of WASM register values

Reporter
    P1umer
Impact
    high

Description

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values.
References

    Bug 1879237

#CVE-2024-2607: JIT code failed to save return registers on Armv7-A

Reporter
    Gary Kwong
Impact
    high

Description

Return registers were overwritten which could have allowed an attacker to execute arbitrary code. Note: This issue only affected Armv7-A systems. Other operating systems are unaffected.
References

    Bug 1879939

#CVE-2024-2608: Integer overflow could have led to out of bounds write

Reporter
    Ronald Crane
Impact
    high

Description

AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write.
References

    Bug 1880692

#CVE-2023-5388: NSS susceptible to timing attack against RSA decryption

Reporter
    Hubert Kario
Impact
    moderate

Description

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data.
References

    Bug 1780432

#CVE-2024-2609: Permission prompt input delay could expire when not in focus

Reporter
    Shaheen Fazim
Impact
    moderate

Description

The permission prompt input delay could have expired while the window is not in focus, which made the prompt vulnerable to clickjacking by malicious websites.
References

    Bug 1866100

#CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce leakage

Reporter
    Georg Felber and Marco Squarcina (TU Wien)
Impact
    moderate

Description

Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies.
References

    Bug 1871112

#CVE-2024-2611: Clickjacking vulnerability could have led to a user accidentally granting permissions

Reporter
    Hafiizh
Impact
    moderate

Description

A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions.
References

    Bug 1876675

#CVE-2024-2612: Self referencing object could have potentially led to a use-after-free

Reporter
    Ronald Crane
Impact
    moderate

Description

If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution.
References

    Bug 1879444

#CVE-2024-2613: Improper handling of QUIC ACK frame data could have led to OOM

Reporter
    Max Inden
Impact
    low

Description

Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash.
References

    Bug 1875701

#CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9

Reporter
    Noah Lokocz, Kevin Brosnan, Ryan VanderMeulen and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9

#CVE-2024-2615: Memory safety bugs fixed in Firefox 124

Reporter
    Paul Bone and the Mozilla Fuzzing Team
Impact
    critical

Description

Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 124

 

 

[Tor launches WebTunnel Bridge as another way to bypass censorship]

Quote

The Tor Project announced the immediate release of WebTunnel Bridge, a new way for Tor users to bypass censorship. Not all Tor users may fire up the official client to connect to the network and access content on the Internet that would otherwise be blocked.

Depending on the environment, the default Tor browser and network connections may not work. This is a problem that so-called bridges attempt to solve. Think of a bridge as a way to access Tor indirectly. There are several options available, and the latest one is WebTunnel Bridge.

More…

and more…

 

[Bitwarden Password Manager]

Bitwarden Editions 2024.3.0 have been released. (12-March-2024)

Release notes & downloads for all editions

Quote

• Bug fixes

 

[Macrium Reflect 8]

Macrium Reflect 8 Home was updated to 8.1.7909 on 11-JMarch-2024. (30-day free trial, paid version)

Release notes | Download |

Bug fixes and Improvements, v8.1.7909 - 11th March 2024

• General
  • When preparing a backup completion email, Reflect could crash when querying disk information. This has been resolved.
  • Reflect could crash while loading in the Rescue environment. This has been resolved.
  • On rare occasions, Reflect may crash while in Backup Creation Wizard. This has been resolved.
  • Some customers have reported a Reflect crash during Clone operation. This has been resolved.
  • The macrium_restore.xml file could remain on the system if the Rescue Media boot menu build operation is cancelled during a system restore process. This has been resolved.
• Rescue Media
  • Imaging exFAT file systems using the rescue media could result in a 'Backup aborted! - Volume Bitmap is NULL' failure error. This has been resolved
• Various
  Various other minor fixes and changes to improve Macrium Reflect.

[Help with Fixlist FRST (Farbar Recovery Scan Tool)]

Hello @valyante and :

Thank you for the attached and valuable analysis files. Although both can be passed through a Brazilian Portuguese to U.S. English translation app, renaming the FRST64.exe app will do it for you.

While you are waiting for your expert helper to weigh-in, please rename FRST64.exe to ENGLISHFRST64.exe and then rerun and attach those new analysis files in your next reply to this topic.

Thank you.

 

Obrigado pelos arquivos de análise anexados e valiosos. Embora ambos possam ser passados através de um aplicativo de tradução do português do Brasil para o inglês dos EUA, renomear o aplicativo FRST64.exe fará isso por você.

Enquanto você aguarda que seu auxiliar especializado pese, renomeie FRST64.exe para ENGLISHFRST64.exe e, em seguida, execute novamente e anexe esses novos arquivos de análise em sua próxima resposta a este tópico.

Obrigado.

 

[ADWCleaner 8.4.0 Opens, But Won't Scan and stuck on Loading Modules]

Hello @CheonHoPark:

If any additional logs have been written to the C:\AdwCleaner\Logs directory, please attach them in your next reply to this topic.

We can try to contact the AdwCleaner developer and ask if he has any insights on this version he released this past Monday.

Thank you.

CC: @jboursier