Adobe Flash Player 10.1.85.3 addresses multiple vulnerabilities

” Adobe Flash Player 10.1.85.3 addresses multiple vulnerabilities in the widely-installed software for Windows, Mac, Linux, and Solaris. A corresponding update for the Android version is expected by November 9 (US time).
“Issues addressed by the update include multiple memory corruption vulnerabilities that could lead to code execution (including one that was specific to Windows and ActiveX), a denial of service vulnerability with potential for arbitrary code execution, an input validation vulnerability that could lead to a bypass of cross-domain policy file restrictions, a library-loading vulnerability with potential code execution, and an information disclosure vulnerability that was specific to Safari on Mac OS X… “

Monday, 08 November 2010

Source: iTWire
http://www.itwire.com/business-it-news/security/42984-another-flash-update-patches-multiple-vulnerabilities

 

---

Gary

---

That Ain’t Right!

The other day I had a customer who’s site would not load in Internet Explorer. It would load in Firefox, but Internet Explorer would just choke and given an usual error saying it could not load the site. At first I thought may be it was a time-out issue as I could not duplicate on our internal network. Then the customer told me they tried to load their site at their local library and with Internet Explorer with the same results. I took a look at the site on the computer we have that is not connected to our internal network and has a pure connection the Internet. Internet Explorer started loading the site, but then gave up and popped up the error unable to load.

Okay, so this issue had to be something to do with the coding. I looked the page in Firefox, nothing real fancy: simple background, some images and text. However, one thing I noticed odd was the size of the HTML file on the server. For such a simple page, the file was sure big. So I did a view source…Oh my! Soon as I saw the source this ‘blooper’ sign below from Arizona Roads came to mind (the sign was mounted upside down).

For a divided highway to end, as this sign indicates, it has to be divided in the first place

I asked the famous question, “So, how did you build this page?”. The customer replied that someone else had built it for them. They also added they had gone in and attempted to add META tags for SEO (Search Engine Optimization) purpose. Whoever built the page originally coded it rather poorly. The first issue was there was no DOCTYPE deceleration. Then I saw a closing HEAD tag, but NO opening head tag. A header is trying to be closed that hasn’t been opened in the first place. Getting past this I saw why the HTML file was so bloated. There were may be five lines of CSS declarations along with an opening BODY tag which were repeated at least twenty times (if not more). Well, no wonder Internet Explorer was having issues.

I wish I had still had Chrome installed on my machine at work, I would have loved to see how it would have handled this garbled mess of coding. Firefox ignores that bad coding and tries as best it can to still display the page. In this Firefox displayed the page perfectly, ignoring the redundant CSS declarations, missing DOCTYPE and even the improper header.

The caller also informed me that they knew just enough HTML to be dangerous (so true here) and admitted they probably made it worse when they went in to add the META Tags. Upon asking for suggestions I refereed them over to W3 Schools.

New Mozilla CEO and Firefox Updates

The big news this week is after six months of searching, Gary Kovacs, former general manager and vice president of mobile and devices at Adobe, and employee of IBM for ten years, has been appointed as the next Mozilla Corp. CEO.

Mozilla Corp. former CEO John Lilly explained why Kovacs was the most ideal replacement:

We’ve talked with many people through this process — most of them were exceptionally talented in many ways. But Gary’s a special person for the CEO role, and here’s why:

• He’s a veteran of the Web and rich media — he’s been at the center of several cycles at Macromedia/Adobe and recently Sybase/SAP
• He’s got a deep background in mobile over the last 5 years or so — that’s an incredibly important area where we’ve got a lot to prove in the coming years
• He’s been involved in changing big organizations, and with those organizations changing the bigger landscape — Macromedia, Adobe & Sybase

I am glad to see Mozilla is going to be putting more focus towards Mobile web. Just within the last couple weeks Firefox 4 Beta for Android and Maemo was released. I did find Percy’s (Mozilla Links) comments interesting and share the same thoughts in regards to Flash:

I am personally glad to see someone who knows Adobe from the inside to come aboard. I am pretty sure Adobe has serious interest in making the web a better place, and is just coming to realize the open web is an opportunity as big as the lack of rich web media features was more than a decade ago.

On the other hand we all need Adobe’s top class tools. A Flash version that outputs HTML5 code instead of SWF files would be a turning point in web history.

Now on to the subject of Firefox updates. It seems Mozilla has gone from one extreme to the other. In August and September there were 4 Beta releases for Firefox 4 and a couple updates in September for the current 3.5/3.6 builds. Firefox 4 Beta 7 (really?!) was suppose to be released at the end of September with the first Release Candidate build scheduled for this month. Right now future releases of Firefox 4 have been postponed. The upcoming Firefox 3.5/3.6 releases kept getting pushed back during the past couple weeks, the latest release date (subject to change) is October 19th. Important to note that the upcoming Firefox 3.5.14 once released will be the last update for the Firefox 3.5 builds.

No IE9 for XP

” Microsoft has ruled out putting Internet Explorer 9 on Windows XP, leaving millions of PCs open to Mozilla and Google browsers providing hardware-accelerated rich-internet.
Ryan Gavin, senior director of IE business and marketing, said Microsoft would not put IE9 hardware acceleration features in the current version of its browser, IE8, or back port IE9 to older PCs running Windows XP… “

16th September 2010

Microsoft: IE9 will never run on Windows XP • The Register

More  http://www.theregister.co.uk/2010/09/16/no_ie9_9_on_windows_xp/

New Stop/Reload/Go ‘Button’ for Firefox 4

I can not completely say this new ‘feature’ was taken from Chrome. Presently Firefox has separate stop, reload and go buttons. There are many add-ons out there such as Stop-or-Reload Button which combine the stop and reload buttons in to one button. In the upcoming Firefox 4 this is taken a step further. The ‘go button’ (which appears at the right-end of the address bar when typing an address) is being moved off the address bar and merged with a combined stop and reload button. As I said this is sort of borrowed from Google Chrome. In Chrome on the right-side of the address bar is a combined stop/go button. In IE8, there are separate reload and stop buttons to the right of the address bar.

These screenshots below from Mozilla Links show the new ‘button’:

Reload button once page has fully loaded.

Stop button while the page is loading.

Go button while entering (or editing) an address.

Percy made an interesting observation:

While it should make more sense to new users, this is no doubt going to anger more than a few long time Firefox users used to clicking next to the back button to reload or stop the current web page.

I am not sure it really makes sense to combine all three buttons. I suppose you will gain a little bit of space on the toolbar. I also understand his point about placing it on the right-side as that is where these buttons are located in IE7 and IE8 and Chrome. But Safari has a combined stop/reload button on the ‘traditional’ left side as does the current versions of Firefox along with Opera. Personally, I never use the ‘go’ button (I simply press enter after typing in my address) and seldom do I use the ‘reload button, opting instead to press F5. The good news is you are not being forced to use the 3-in-1 button, it can be ‘uncoupled’ via the Customize Toolbar window.

Fix Unresponsive Script Warning

There are times depending on what is running in the background and other Internet activity that Firefox (or Thunderbird) may get bogged down and a JavaScript may take a little longer than normal to complete. Users will get a warning similar to the one below advising that the script is unresponsive.  The reason for this is because the application thinks the script is running wild and never going to finish processing thus causing the application to freeze and/or crash. This is very similar to Windows Task Manager warning you that an application is not responding, but the application is just a bit bogged down (which commonly happens with JavaScript) and needs more time to finish what it is doing.

The ‘fix’ for this is fairly simple, just increase the amount of time before a script is considered ‘unresponsive’. This can be done in both Firefox and Thunderbird via about:config (Firefox) and the Config Editor… (Thunderbird):

Firefox

1. In a new tab type about:config in the address bar and press enter
2. In the about:config manager type dom.max_script_run_time in the Filter field
3. Double click the entry and in the in the pop-up box type 20 and press enter
4. Close the tab

Thunderbird

1. Go to Tools >> Options…
2. Click on the Advanced tab on top
3. At the bottom of the window is a section Advanced Configuration
4. Click on the Config Editor… button at the lower right
5. In the Config Editor… type dom.max_script_run_time in the Filter field
6. Double click the entry and in the in the pop-up box type 20 and press enter
7. Close the window

Source: Itchy Hands

Firefox 4 to Support ‘Silent’ Updates

One of the new features coming to Firefox 4 is going to be ‘silent’ updates. That is updates that are automatically downloaded and applied while the browser is running. Google Chrome (which Mozilla seems to be the bases for quite a bit of the new features of Firefox 4) has this as a standard behavior. Because of this though, 97% of Chrome installations are up-to-date, compared to Firefox’s 85% and Safari’s 53%.

Now before the hate comments start pouring in, let me point out a couple things:

1. Unlike Chrome, this feature can be turned off. For those users who want to be in control of their Firefox installation they can disable this feature and update the conventional way of going to Help >> Check For Updates..
2. This behavior only applies to minor updates. For example an update from Firefox 4.0.0. to 4.0.1 would be done through the ‘Silent’ update process (if enabled). Major updates such as Firefox 4.0.X to 4.5.X would be done through the current update process.

Personally, I like this feature and will likely keep in enabled when I finally move to Firefox 4. Sometimes it takes a couple days for me to update my Firefox as I am working on something when the pop-up appears for the update. I’ll go ahead and download the update but then minimize the pop-up. Since I don’t normally shut-down my system each night, I’ll forget about the update until I happen to see the ‘Software Update’ Window sitting in my taskbar. But even then I may be in the middle of something and don’t really want to take the time to restart the browser and wait for the update to be applied. Also, with the recent scare with the Fake Firefox Update Page silent/automatic updates would a good thing.

Firefox 4 is being built off the new Gecko 2.0 rendering engine and is scheduled for release later this year with a Beta 3 release scheduled for around August 11, 2010.

Source: Download Squad

Dell KACE Offers Free Secure Browser

This is FYI as I am on Linux.

“To help companies increase the safety of their Windows users’ web browsing from malicious code, including restricting direct and cross-site access to dangerous or inappropriate websites, Dell KACE has introduced the Dell KACE Secure Browser, available immediately as a free download.
The Dell KACE Secure Browser consists of a browser — currently, FireFox 3.6 — plus plug-ins — currently, Adobe Flash and Adobe Reader — plus proprietary Dell KACE “Virtual Kontainer” application virtualization technology developed as part of the company’s K1000, all packaged into one download that uses a standard Windows installer. … “

July 19, 2010
Source:  — Security — InformationWeek
 http://www.informationweek.com/news/smb/security/showArticle.jhtml?articleID=225900195&cid=RSSfeed_IWK_News

Review: 10 extensions & collections.

The choice of Firefox extensions is no longer confined to stand-alone tools, but now also takes in a number of handy collections, says Jack Wallen.
Firefox has added collections to the choice of useful extensions since the last time I looked at this topic. Collections bring together related extensions. So here is my latest list of worthwhile collections and stand-alone tools.

Jack Wallen, TechRepublic, 16 July, 2010 12:48

Source: Workspace IT | ZDNet UK
  http://www.zdnet.co.uk/news/workspace-it/2010/07/16/ten-extensions-that-give-firefox-new-reach-40089547/

Fix Last Pass Freezing Firefox

” …Some users were reporting problems with Last Pass, most of them were running a 64-bit edition of Windows 7… “ Fix Last Pass Freezing Firefox Source: http://www.ghacks.net/2010/07/15/fix-last-pass-freezing-firefox/