Mozilla Releases Firefox 21, Updates Thunderbird

May 14, 2013

Not wishing, apparently, to be left out of the Patch Tuesday festivities, Mozilla today released the next major version, 21.0,  of its Firefox browser for Mac OS X, Windows, and Linux.  This version fixes eight security vulnerabilities, three of which Mozilla rates as critical.  The new version also incorporates some new features, including:

  • Enhanced “Do Not Track” interface
  • Support for multiple providers in the Social API
  • Suggestions on how to improve application start-up time, if needed

Further information on the new version is available in the Release Notes.  You can download installation packages, in a variety of (human) languages.

Mozilla also released a new version, 17.0.6, of its Thunderbird E-mail client, for all platforms.  The new version provides an update to the Twitter API is uses, and also fixes six security vulnerabilities, three of which Mozilla rates as serious.  Further information is available in the Release Notes.  You can download installation packages for all languages and platforms.

Because of the security content of these releases, I suggest updating your systems as soon as it’s convenient.


Microsoft Patch Tuesday, May 2013

May 14, 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are ten bulletins, addressing 32 identified vulnerabilities.    Two bulletins have a Critical severity rating, and the remaining eight are rated Important.   Five of the bulletins are for Windows and its components; every supported version of Windows is affected, and all desktop versions have one or more Critical vulnerabilities.

The remaining five bulletins, all of which are rated Important, apply to other Microsoft software products.   There are three bulletins for Microsoft Office and its components (including Word Viewer).  Microsoft Lync has one bulletin, and there is one for Windows Essentials.

Microsoft says that three of the Windows bulletins will definitely require a system reboot, and the others may require one, depending on the configuration of your system.

For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for May 2013.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.

Update Tuesday, May 14, 14:40 EDT

According to the folks at the SANS Internet Storm Center, one of these bulletins, MS13-038, which applies to Internet Explorer 8, fixes a vulnerability that is being exploited currently.


Critical Updates for Adobe Reader, Acrobat — and Flash

May 14, 2013

As expected, Adobe has released new versions of its Acrobat and Reader software, incorporating critical security updates.  There is also a critical update for Flash Player, though this was not included in the preview announcement.

The updates for Reader and Acrobat address a total of 27 identified vulnerabilities. According to the Security Bulletin [APSB 13-15], the vulnerable versions of Acrobat and Reader are:

  • Adobe Reader XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
  • Adobe Reader X (10.1.6) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.5.4 and earlier 9.x versions for Windows, Macintosh and Linux
  • Adobe Acrobat XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
  • Adobe Acrobat X (10.1.6) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.5.4 and earlier 9.x versions for Windows and Macintosh

The Security Bulletin lists the appropriate new versions for these. Users of Reader or Acrobat on Windows or Mac OS X can get the new version via the update mechanism built into the software, which is set to check for updates automatically by default; to initiate a check manually, choose Help / Check for Updates from the product menu. Alternatively, you can download appropriate Reader updates from these links:

Please see the Security Bulletin for Acrobat update downloads, and for further details.

As noted above, Adobe has also released Critical updates for Flash Player; according to the Security Bulletin [ASPB 13-14], these fixes address 13 identified vulnerabilities. Affected versions of the software are:

  • Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.280 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1660 and earlier versions for Android
  • Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions

Users on Windows or Mac OS X systems should received the update automatically, if they have enabled the option “Allow Adobe to install updates”. Otherwise, they can obtain the new version from the Flash Player Download Center, as can Linux users. Please see the Security Bulletin for Android updates. Google Chrome ships with its own version of Flash Player, and I would expect a new version of Chrome, incorporating these updates, to appear “real soon now”. I’ll update this post when it’s available.

Because they are so widely installed across platforms, Reader and Flash Player have been tempting targets for the Bad Guys. I suggest that you update your systems as soon as you conveniently can.

Update Tuesday, 14 May, 13:05 EDT

According to a post on the Chrome Releases blog, Google is now pushing Flash Player updates for the Windows and Mac versions of Chrome.  (Mea culpa: I had forgotten that they had added to capability to update things like Flash without doing a whole new version.)


%d bloggers like this: