Posts posted by 1PW

  1. The Tor Browser 13.0.8 (All Platforms) has been released. (21-December-2023)
    Tor Browser 13.0.8 is now available from the Tor Browser download page and also from our distribution directory.

    Blog/Announcement | Full Changelog |

    Quote

    The full changelog since Tor Browser 13.0.7 is:

     

     

  2. IrfanView | Home | 64-Bit Download | Changelog | FAQ | Forum |

    IrfanView 4.66 has been released. (20-December-2023)

    Quote

    There were numerous changes, here are only the more important things.

    Version 4.66 (- CURRENT VERSION -)

    (Release date: 2023-12-20)

    • Fixed problem with network paths in Save-As dialog
    • Fix for text alignment in Insert Text dialog (selection/canvas)
    • SVG PlugIn loading bugs fixed (thanks to nerty_nerty)
    • Download the newest PlugIns version from:
      https://www.irfanview.com/plugins.htm

     

  3. Mullvad Browser 13.0.7 has been released. (19-December-2023)

    Blog | Changelog | Update: Auto-update or download.

    Quote

    All Platforms

    Updated Firefox to 115.6.0esr

    • Bug 42042: view-source:http://ip-address does not work because of HTTPS Only [tor-browser]

    Build System

    All Platforms

    • Bug 40884: Script to automate uploading sha256s and signatures to location signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be [tor-browser-build]
    • Bug 41026: Do not use ~ when uploading the signed hashes [tor-browser-build]
    • Bug 41039: Update tools/signing/upload-update_responses-to-staticiforme to keep download-*json files from previous release when new release does not include them [tor-browser-build]

    macOS

    • Bug 40990: Remove old macOS signing scripts [tor-browser-build]

     

     

  4. The Tor Browser 13.0.7 (All Platforms) has been released. (19-December-2023)
    Tor Browser 13.0.7 is now available from the Tor Browser download page and also from our distribution directory.

    Blog/Announcement | Full Changelog |

    Quote

    Full changelog

    The full changelog since Tor Browser 13.0.6 is:

     

     

  5. Security Vulnerabilities fixed in Firefox 121 - MFSA 2023-56

    18 Security fixes: 5 High, 8 Moderate and 5 Low-impact fixes.

    Quote

    Mozilla Foundation Security Advisory 2023-56

    Security Vulnerabilities fixed in Firefox 121

    Announced: December 19, 2023
    Impact: high
    Products: Firefox
    Fixed in: Firefox 121

    CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver

    Reporter: DoHyun Lee
    Impact: high
    Description: The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape.

    CVE-2023-6135: NSS susceptible to "Minerva" attack

    Reporter: George Pantela (Red Hat) and Hubert Kario (Red Hat)
    Impact: high
    Description: Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key.

    CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream

    Reporter: Jan Varga
    Impact: high
    Description: EncryptingOutputStream was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode.

    CVE-2023-6857: Symlinks may resolve to smaller than expected buffers

    Reporter: Jed Davis
    Impact: moderate
    Description: When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary.
    This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.

    CVE-2023-6858: Heap buffer overflow in nsTextFragment

    Reporter: Irvan Kurniawan
    Impact: moderate
    Description: Firefox was susceptible to a heap buffer overflow in nsTextFragment due to insufficient OOM handling.

    CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer

    Reporter: Irvan Kurniawan
    Impact: moderate
    Description: A use-after-free condition affected TLS socket creation when under memory pressure.

    CVE-2023-6866: TypedArrays lack sufficient exception handling

    Reporter: Tom Schuster
    Impact: moderate
    Description: TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed.

    CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation

    Reporter: Andrew Osmond
    Impact: moderate
    Description: The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox.

    CVE-2023-6867: Clickjacking permission prompts using the popup transition

    Reporter: Hafiizh
    Impact: moderate
    Description: The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear.

    CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode

    Reporter: Yangkang of 360 ATA Team
    Impact: moderate
    Description: The nsWindow::PickerOpen(void) method was susceptible to a heap buffer overflow when running in headless mode.

    CVE-2023-6868: WebPush requests on Firefox for Android did not require VAPID key

    Reporter: John-Mark Gurney
    Impact: moderate
    Description: In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.
    This bug only affects Firefox on Android.

    CVE-2023-6869: Content can paint outside of sandboxed iframe

    Reporter: Oriol Brufau
    Impact: low
    Description: A <dialog> element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content.

    CVE-2023-6870: Android Toast notifications may obscure fullscreen event notifications

    Reporter: Hafiizh
    Impact: low
    Description: Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox.
    This issue only affects Android versions of Firefox and Firefox Focus.

    CVE-2023-6871: Lack of protocol handler warning in some instances

    Reporter: Roy Gunsen
    Impact: low
    Description: Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler.

    CVE-2023-6872: Browsing history leaked to syslogs via GNOME

    Reporter: honorton via Tor Browser
    Impact: low
    Description: Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab.

    CVE-2023-6863: Undefined behavior in ShutdownObserver()

    Reporter: Ronald Crane
    Impact: low
    Description: The ShutdownObserver() was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.

    CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6

    Reporter: Andrew McCreight, the Mozilla Fuzzing Team, Randell Jesup, Valentin Gosu (he/him), Karl Tomlinson
    Impact: high
    Description: Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

    CVE-2023-6873: Memory safety bugs fixed in Firefox 121

    Reporter: Andrew McCreight, Yury Delendik
    Impact: high
    Description: Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

     

  6. Malwarebytes Windows Firewall Control (WFC) 6.9.9.1 has been released. (14-December-2023)

    Homepage | Download | Change History | FAQ | User Guide | Support | Forum

    Announcement |

    Quote
    Windows Firewall Control v.6.9.9.1

    Change log:
    - Improved: The notification dialog was updated to be able to add a notification exception for the full path too.
    - Improved: Loading time was decreased for Rules Panel and Connections Log with a new cache mechanism for program icons.
    - Fixed: Rules Panel may crash if there are hundreds of firewall rules and the rules are scrolled up and down multiple times.

    There is just one new translation string 248 = Exclude full path which I already updated in all included language files.

    Download location: https://binisoft.org/download/wfc6setup.exe
    SHA256: cef52f11a0e28d7eb02012f45ca5947d6fed094cbcf7ed2935ed1be15d3db325
    SHA512: d6024384fa9c1d581fde3c148bdbc37da6608bfe3b4752a63aa43274adce525175bc493f93ef7e37a73294b324db0cb34b6871e6beb186774dda8d25abb5c855

    Thank you for your feedback and your support,
    Alexandru Dicu

    This is the last release for this year. I am running out of version numbers :) The next big change is dark theme support which requires a lot of work. This will be included in version 7 which will come next year. Happy holidays to all of you!

    P.S. In case someone needs the previous version, it can be downloaded from: https://binisoft.org/download/old/6990/wfc6setup.exe
     

     

  7. NoScript | Homepage | Changelog | Download | FAQ | Forum |

    NoScript stable 11.4.29 has been released. (11-December-2023)

    Autoupdate or Download

    Quote
    v 11.4.29
    ============================================================
    x [nscl] Updated TLDs
    x [nscl] Improved reliability of TLD updater
    x Removed theme.js console noise
    x Fix beta channel updates breakage due to
      browser_specific_settings override
    x [nscl] Several content-side performance improvements
    x Reduce synchronous policy retrieval impact on file: and
      ftp: document loading performance
    x More commands for which a keyboard shortcut can be
      configured
    x [L10n] Updated de, fi, mk, nl, pl, ru, sq, tr, uk,
      pt_BR, zh_CN, zh_TW
    x Explicit Android compatibility declaration

     

  8. IsoBuster 5.3 has been released. (11-December-2023)

    IsoBuster | Home | Download | Betas | News | Help | Tips | Support | Site Map |

    Quote
    December 11, 2023

    I'm very happy to announce the release of IsoBuster 5.3.

    Check out the many improvements and new functionality, such as improved DVR support, improved partition parsing, spanned gz files, gzndx files, XA extraction from CD and much more.

    Best let the below list do the talking:

    Important:

    We had to renew our signing certificate again (which is every 3 years) so if you see the annoying “SmartScreen” dialog saying “Windows protected your PC” (blah blah) then please click the “More info” link and next the “Run anyway” button. I'm afraid we all need to train Windows SmartScreen again for a while (sadly). The more people deem it OK, the faster this dialog will go away for everyone.

    Changes / New:

    • Support for the Toshiba RD-H100 DTKF DVR
    • Create and Load *.gzndx files to speed up opening *.gz files for random access
    • Spanned *.gz files' support: *.gz.001, *.gz.002, ..
    • Full support for *.gz files referenced from a CUE file
    • Full support for *.gz files referenced from an IMLST file
    • XA Extraction (2336 bytes per block) from CDs with Mode 2 tracks (Files, Image files, CUE etc.)
    • New Command line parameter /setsp: to change the optical drive's speed
    • New Command line parameter /lprogress: to dump the progress dialog progress in a file, so that external processes can track progress
    • PS3 partition parsing on decrypted disks with support for embedded 'OtherOS' partition tables (MBR, GPT, ..)
    • Show PS3 OtherOS bootloader in its dedicated PS3 partition
    • Show Linux Swap file in its dedicated partition
    • Ability to Load and/or Export a Partition list (*.ibpt), to map your partition layout against a drive or image file [Professional license]
    • Support for \\*\virtual:size:pattern files which are virtual files that can be added before, after or in the middle of spanned files

    Improvements:

    • Find all files and folders in FAT 12 and FAT 16 volumes that were not correctly formatted according to the specifications
    • Find Panasonic, Philips, Magnavox, ReplayTV and other DVR file systems on previously Windows' formatted disks that still have a valid backup GPT partition table
    • BSD partition parsing improved by taking in account the different flavors (FreeBSD vs. OpenBSD / NetBSD)
    • Automatic creation of a CUE Sheet can be set to 'always' except when there's only one track
    • More extensions that match the Mac Creator / Type fields can be assigned
    • Put up a dialog when IsoBuster is being closed [X] and when it's still scanning or searching
    • Show more metadata for Pioneer DVR file systems
    • Prompt after multiple files' extraction, when there were read errors that required user intervention
    • Improved detection of Windows changing the style from dark to light (or vice versa)
    • When you open a regular (non image) *.gz file, IsoBuster allows you to extract the file (since it did all the work already anyway)
    • *.gzip files are recognized as *.gz files
    • Show *.imlst files in recently opened image files (rather than the first file in the imlst)
    • Improvements to assign file systems to the correct CD track after a scan for missing files and folders
    • Tracks and Partitions take on the 'Compressed' property when located in compressed image files
    • Show the type of encryption that was encountered in the (right-hand side) ListView when you select an encrypted track or partition (e.g., BitLocker)
    • Introduced {%NOBOM} in the file export functionality so that a text with BOM-able CodePage (e.g., {%UTF8}) can also be written without the BOM
    • Added the command /scan:nofs to only /scan when no file systems could be found
    • Do not create a separate UDF file system for UDF system streams, instead, add the streams as metadata to the regular UDF File System
    • Leverage the stored CurrentLBA in GPT backup data to determine its relative position (should it be nested in a partition, or shifted somehow)
    • Option to show the W11-style smoke effect underneath certain dialogs
    • Plenty of other tweaks and improvements

    Fixes:

    • Fixed a crash when reading blocks outside the on the fly decompressed *.gz range
    • Fixed a file addressing issue for Pioneer DVRs (OEM, also Sony etc.) when many recordings had been deleted
    • Folder file-names should not get the extension '.mpg' when extracted with the 'only MPEG' filter
    • Fixed setting the CD Read Speed to the lowest speed (would not work on all drives)
    • Fixed issue that prevented listing files found based on their signature on partitions > 1 TB
    • Fixed it so that orphaned EXT file systems with a logical block size > 1024 get assigned a correct partition address

     

  9. The Tor Expert Bundle 0.4.8.10 has been released. (08-December-2023)

    Homepage | Changelog, Bundle Download, Checksum, Sig | Repository | Verify | FAQ | Newsletter |

    Changes in version 0.4.8.10 - 2023-12-08
      This is a security release fixing a high severity bug (TROVE-2023-007)
      affecting Exit relays supporting Conflux. We strongly recommend to update as
      soon as possible.
    
      o Major bugfixes (TROVE-2023-007, exit):
        - Improper error propagation from a safety check in conflux leg
          linking lead to a desynchronization of which legs were part of a
          conflux set, ultimately causing a UAF and NULL pointer dereference
          crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
    
      o Minor features (fallbackdir):
        - Regenerate fallback directories generated on December 08, 2023.
    
      o Minor features (geoip data):
        - Update the geoip files to match the IPFire Location Database, as
          retrieved on 2023/12/08.
    
      o Minor bugfixes (bridges, statistics):
        - Correctly report statistics for client count over Pluggable
          transport. Fixes bug 40871; bugfix on 0.4.8.4

  10. IrfanView | Home | 64-Bit Download | Changelog | FAQ | Forum |

    IrfanView 4.65 has been released. (09-December-2023)

    There were numerous changes, here are only the more important things.

    Version 4.65 ( - CURRENT VERSION - )

    (Release date: 2023-12-09)

    • Option for Dark mode: Properties⇾Viewing (works best with Windows 10/11)
      (thanks to Richard Yu, Stephen Eckels, adzm)
    • New option in the Insert Text dialog: Text rotation (90 deg for vertical text)
    • New in Slideshow dialog: Option to set different time for each file
      (new button: “Change time” for selected files)
    • “Paste into Selection”: Second paste (CTRL+V) will also apply the image
    • New Hotkey after “Paste into selection”:
      SHIFT + Click within selection: Apply pasted image and keep selection
    • New Edit menu: Apply image effects to inverted selection (non-selected area)
    • New option in Properties⇾Editing: Set custom filename for pasted image
    • Option to read XMP data in the IPTC dialog (thanks to Lee Thomason)
    • New Histogram effects in Effects Browser dialog (thanks to Richard Heurtley)
    • Improved support for tabs in text in the Insert Text dialog (CTRL + Tab)
    • New PlugIn for AVIF format
    • The Replace File dialog shows a preview of both images
    • The Fine Rotation dialog can be resized
    • New in Fine Rotation dialog: draw a straight line to rotate
    • The Histogram dialog can be resized (Local dark mode using right button)
    • Slideshow/Automatic mode will suspend system sleep while running
    • Command line: “/append” will append all pages from the input file (if “/page” option is not used)
    • SVG PlugIn loading bugs fixed (thanks to nerty_nerty)
    • JP2 PlugIn loading bug fixed (CVE-2023-26974, thanks to overXsky)
    • Several PlugIns are changed/updated, please install the newest versions:
      https://www.irfanview.com/plugins.htm

  11. Microsoft's Sysinternals Suite 2023.07.12 was released on 07-December-2023.

    Release Notes and Downloads |

    Sysinternals Suite 2023.07.12

    Sysinternals Suite 2023.07.12 changelog:

    • ProcDump 3.0 for Linux - This update to ProcDump for Linux adds memory leak tracking and reporting.

    • Sysmon 1.3.2 for Linux - This update to Sysmon for Linux fixes a stack overflow bug.

    Download: Sysinternals Suite 2023.07.12 | 50.6 MB (Freeware)
    Download: Sysinternals Suite for ARM64 | 15.0 MB
    Link: Sysinternals Suite Home Page

  12. The latest Fresh Branch 7.6.4.1 has been released. (07-December-2023)

    The latest Still Branch 7.5.9.1 has been released. (07-December-2023)

    Release Notes | Fresh & Still Branch Downloads | Blog |

    Berlin, December 7, 2023 – LibreOffice 7.6.4 Community and LibreOffice 7.5.9 Community are immediately available from www.libreoffice.org/download for Windows (Intel/AMD/ARM processors), macOS (Apple Silicon and Intel processors), and Linux [1].

    LibreOffice 7.6.4 Community is the most advanced version of the office suite, and offers the best in terms of productivity functions and interoperability with Microsoft Office proprietary formats.

    LibreOffice 7.5.9 Community is the most thoroughly tested version of the suite, for productivity applications in the enterprise environment, but has now reached the end of its life, so users are invited to plan the upgrade to LibreOffice 7.6.4 Community, which has also been tested and sought after enough for production environments.

    For enterprise-class deployments, TDF strongly recommends the LibreOffice Enterprise family of applications from ecosystem partners – for desktop, mobile and cloud – with a large number of dedicated value-added features and other benefits such as SLA (Service Level Agreements): www.libreoffice.org/download/libreoffice-in-business/.

  13. cURL and libcurl 8.5.0 have been released. (06-December-2023)

    Download | News | Releaselogs | Changelog | Release Video |

    2 Changes and 183 Bugfixes.

    Quote

    Fixed in 8.5.0 - December 6 2023

    Changes:

    Bugfixes:

  14. Mullvad Browser 13.0.6 has been released. (06-December-2023)

    Blog | Changelog | Update: Auto-update or download.

    Quote

    All Platforms

    • Bug 42288: Allow language spoofing in status messages [tor-browser]
    • Updated uBlock Origin to 1.54.0

    Linux

    • Bug 17560: Downloaded URLs disk leak on Linux [tor-browser]
    • Bug 42306: Tor Browser crashes when extensions popups are opened with Wayland enabled [tor-browser]
    • Bug 41017: Disable Nvidia shader cache [tor-browser-build]

    Build System

    All Platforms

    • Bug 41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build]
    • Bug 40936: Revert tor-browser-build#40933 [tor-browser-build]
    • Bug 40970: Missing symlink create-blog-post.torbrowser -> create-blog-post symlink [tor-browser-build]
    • Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build]
    • Bug 40063: RBM's chroot fails in Fedora [rbm]
    • Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm]

    Windows + macOS + Linux

    • Bug 41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt [tor-browser-build]

    Windows

    • Bug 41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt [tor-browser-build]

     

  15. The Tor Browser 13.0.6 (All Platforms) has been released. (05-December-2023)
    Tor Browser 13.0.6 is now available from the Tor Browser download page and also from our distribution directory.

    Blog/Announcement | Full Changelog |

    Full changelog

    The full changelog since Tor Browser 13.0.5 is:
