Firefox 3.5.1 now released

The first bug fix release of Firefox 3.5 has been released today. Get FF 3.5.1 here.
This version fixes a critical security flaw mentioned here.

Firefox 3.5 has been officially released

A little over a year since Firefox 3.0 was released back in mid June 2008, Firefox 3.5 has been released. Get it here:
http://www.mozilla.com/en-US/

Firefox 3.5 RC 1 now available

Mozilla has just released Firefox 3.5 Release Candidate 1. Note that this isn’t quite the final product yet but beta testers are welcome to test it out.

Firefox 3.0.11 released late last week

Mozilla has posted Firefox 3.0.11 late last week. This version fixes 11 security vulnerabilities as mentioned in this ZDNet blog.

For those using Firefox, start updating to the latest release immediately.

MS-DEFCON 2: PowerPoint Patch Posted

Black Tuesdays just aren’t as exciting as they once were.

This month, we get just one security bulletin – and it’s only really important if you use PowerPoint 2000.

Hang in there. Let’s see if MS gets all of the problems ironed out with the earlier patches.

We’re still at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

Windows Vista Service Pack 2 is available – but only on MSDN and TechNet

As I erroneously announced a few days ago, Windows Vista Service Pack 2 is now available for download, but only if you subscribe to (and pay for) Microsoft’s MSDN or TechNet services.

The official description:

Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 for all editions (x86, x64, i64) – DVD (English, French, German, Japanese, Spanish)

I expect it’ll be posted for general download in the next week or so.

I continue to advise you to hold off on the patch. It’s a biggie, and it’s bound to have a few teething problems.

Firefox 3.5 Beta 4 and 3.0.10 Now Available

For those of you who have beta tested Firefox 3.1 beta 3 back in mid-March, Mozilla has just released Firefox 3.5 Beta 4 on their beta page. The folks at Mozilla decided to make a version number change from 3.1 to 3.5 when beta 4 was going to be released.

And for those using Firefox 3.0 [yup, Woody has been reminding you Windows users to use Firefox], version 3.0.10 has been released at this Mozilla.com page. This one fixes one major security flaw mentioned in MFSA security bulletin 2009-23 and improves stability from the previous release of Firefox 3.0.

MS-DEFCON 4: Watch out, but go ahead and install April patches

The crop of April Black Tuesday patches looks reasonably stable. The SANS Internet Storm Center reports that Symantec has raised an alert about possible MS09-013 / KB 960803 based infections – “but it could also be old vulnerabilities from 2002 (both Apache and IIS).” MS09-013 and MS09-014 are the (now expectable) monthly humongous Internet Explorer patches.

There are known problems with all of the following:

MS09-010 / KB 960477 Wordpad and Office converter patches may refuse to install, and they change the way Wordpad handles Word 6 and Write files. When you install this patch, go ahead and install the new Office Compatibility Pack immediately after. I haven’t seen any advice as to whether the new Compatibility Pack eliminates the need to install MS09-010 or not, so to be safe, install the patch, then the new converters.

MS09-014 / KB 963027, the massive Internet Explorer patch, may trigger a bogus “Connection Denied” message which requires a Registry change to eliminate. Of course, you’re using Firefox, so you aren’t overly concerned. Go ahead and patch.

MS09-015 / KB 959426 has an interesting problem: if you install the patch on a Windows 2000 computer, you have to dig into the Registry to make the patch work. Kinda makes me feel warm and fuzzy about the testing that goes into these patches…

At any rate, I’m moving us to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

I still recommend that you HOLD OFF on these patches:

KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in, or wait until Microsoft releases a new version of .NET.

KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?

KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.

I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.

I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.