Mozilla Releases Firefox 18

Mozilla has released a new major version of its browser, Firefox 18.0, for Mac OS X, Linux, and Windows.  In addition to fixing 21 identified security vulnerabilities (of which 12 are rated Critical), the new version incorporates some additional features:

• Better JavaScript performance using the IonMonkey compiler
• Support for Retina displays under OS X 10.7 and up
• Preliminary support for WebRTC
• Better scaling of images in HTML
• Better performance in tab switching

Further details on the updates are available in the Release Notes.

Because of the security fixes incorporated in this release, I recommend that you update your systems as soon as you conveniently can.  You can get the new version using the update mechanism built into the browser, either automatically or via Help / About Firefox / Check for Updates.  Alternatively, you can get a complete installation package, available in more the 70 languages, from the download page.

Update Tuesday, 8 January, 21:45 EST

Ars Technica also has an article on the new version.

Adobe Patches Reader, Acrobat

As noted in a preview announcement last week, Adobe has released a Security Bulletin [APSB13-02] for its Reader and Acrobat software.  The bulletin addresses 27 identified security vulnerabilities, and is rated Critical.  According to Adobe, the affected versions of the software are:

• Adobe Reader XI (11.0.0) for Windows and Macintosh
• Adobe Reader X (10.1.4) and earlier 10.x versions for Windows and Macintosh
• Adobe Reader 9.5.2 and earlier 9.x versions for Windows and Macintosh
• Adobe Reader 9.5.1 and earlier 9.x versions for Linux
• Adobe Acrobat XI (11.0.0) for Windows and Macintosh
• Adobe Acrobat X (10.1.4) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat 9.5.2 and earlier 9.x versions for Windows and Macintosh

For the corresponding new version numbers, please see the Security Bulletin.

Users of Reader on Windows or Mac OS X can get the new version via the update mechanism built into the software, as can Acrobat users.  Alternatively, you can download an update package for Reader for Windows here, and for Mac OS X here.  Linux users can download an installation package  (via FTP) for the new version.  Download links for the new versions of Acrobat are in the Security Bulletin.

I recommend that you update your systems as soon as you conveniently can.

Microsoft Patch Tuesday, January 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are seven bulletins, addressing 11 identified vulnerabilities.  Two bulletins have a Critical severity rating, and five are rated Important.   Six of the bulletins are for Windows and its components; every supported version of Windows is affected.  One of these bulletins also affects Microsoft Office.

The remaining bulletin is for Microsoft server software, including SharePoint, Groove, Expression Web, and System Center; this bulletin is  rated Important.  (For a breakdown of bulletin severity by Windows version, please see this month’s preview post.)  Full details, and download links, are in the Microsoft Security Bulletin Summary for January 2013.

Microsoft says that three of the Windows bulletins will definitely require a system restart; the bulletin that affects only System Center (MS13-003) will not require a restart,  The other bulletins may require one, depending on the system’s configuration.

This release does not appear to include a patch for the recently-discovered vulnerability in Internet Explorer.  I recommend following the suggested mitigation steps that Microsoft has suggested, if you hav enot already done so.

The handlers at the SANS Internet Storm Center have posted their usual summary of the patch release, along with their severity assessments.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.