Updates 11/8/11 - Microsoft Tuesday, Firefox 8, SpywareBlaster, Shockwave

Firefox 8  has been released today --- you can update via the internal updater (Help / About Firefox / Check for Updates).  

As a reminder:   During the installation process, FF will test for compatibility of your existing add-ons with the new version, and advise you of potential conflicts (which, if you continue, will be disabled).   If there's an add-on you "just can't live without", you might want to delay installing FF until that add-on is also updated.   In my case, my main add-ons (WOT 2001-07-04, KeyScramber 2.8.2, & Yahoo Toolbar 2.4.1) were all compatible :emotion-1:

"The biggest new feature is that Firefox itself now handles third party add-on installations to avoid security problems from sketchy extensions. Also included in the new version is built-in support to search Twitter messages in the browser's address bar." -- http://lifehacker.com/5856826/firefox-8-now-available

The following was copied/pasted from http://en.wikipedia.org/wiki/Firefox_8#Expected_Release_Dates :

Version 8.0

Firefox 8 on Windows 7

• Add-ons installed by third-party programs are now disabled by default
• Added a one-time add-on selection dialog to manage previously installed add-ons
• Added Twitter to the search bar
• Added a preference to load tabs on demand, improving start-up time when windows are restored
• Improved performance and memory handling when using and
• Added Cross-Origin Resource Sharing (CORS) support for cross-domain textures in WebGL
• Added support for HTML5 context menus
• Added support for insertAdjacentHTML
• Improved CSS hyphen support for many languages
• Improved WebSocket support
• Fixed several stability issues

=========================================================================

EDIT:   Security Update Advisory (from http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox8 )

Fixed in Firefox 8

MFSA 2011-52 Code execution via NoWaiverWrapper
MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
MFSA 2011-47 Potential XSS against sites using Shift-JIS

Adobe Shockwave Player : 

Note:  Shockwave is NOT a required program.   It is primarily used by "gamers".   [Emphasize that Shockwave player is completely separate from Flash Player, which IS commonly used.]   If you don't already have Shockwave installed/running on your system, then odds are you don't  want to get it now.   But for those of you who do have/run it:

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.1.629 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system

Adobe recommends users of Adobe Shockwave Player 11.6.1.629 and earlier versions upgrade to the newest version 11.6.3.633 available here: http://get.adobe.com/shockwave/.

Source:  http://www.adobe.com/support/security/bulletins/apsb11-27.html

After releasing Firefox 8, i am waiting for Thunderbird 8. Recently Mozilla releases Thunderbird some days after Firefox. Can you predict when can we expect it?

This month's Malicious Software Removal Tool (MSRT, or MRT) adds detection/removal of:

Win32/Dofoil - a family of trojans that connects to a remote site and downloads and executes arbitrary files.

Win32/Carberp - a family of trojans that may be delivered via malicious code, for instance by variants of Exploit:JS/Blacole. The trojan downloads other Win32/Carberp components to execute payload code such as stealing online banking credentials and log on data from numerous other software applications, downloading and executing arbitrary files, exporting installed certificates, capturing screen shots and logging keystrokes.

Win32/Cridex - malware that may be delivered via spammed malware such as TrojanDownloader:Win32/Skidlo.A, or by other malicious code such as variants of Exploit:JS/Blacole. The malware could spread to removable drives, steal local certificates, capture online banking credential entered via web browsers, download and execute files, and search and upload local files.

Thunderbird 8 is available now. Update through internal updater (Help > About Thunderbird in the main menubar), or downlad from the link below.

www.mozilla.org/.../all.html

This month's Windows Updates:

CRITICAL:       MS11-083 Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

IMPORTANT:   MS11-085 Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)

                           MS11-086 Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)

MODERATE:   MS11-084  Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) 

SpywareBlaster database update 11/8/2011 

19 NEW items (IE/ActiveX)

for a total of 14738 items in database

after updating (via internal updater), be sure to enable all protection

Windows Malicious Software Removal Tool for November, version 4.2

32-bit version for Win 7/Vista/XP/Server2003 http://www.microsoft.com/download/en/details.aspx?id=16

x64-bit version http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=9905