Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Security Advisory for Firefox v. 10.0.1?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Mozilla Foundation
And, this specific program:
Mozilla Firefox 10.x

This thread has been marked as resolved.
lmacri Security Advisory for Firefox v. 10.0.1?
Member 12th Feb, 2012 16:27
Ranking: 42
Posts: 87
User Since: 9th Sep, 2009
System Score: N/A
Location: CA
Last edited on 12th Feb, 2012 16:34

Does anyone know if Secunia is planning to release a security advisory for the Mozilla Firefox v. 10.0.1 browser (released 10-Feb-2012) in the next few days?

According to Mozilla's Security Advisories for Firefox at https://www.mozilla.org/security/known-vulnerabili... there was a critical security patch (MFSA 2012-10) in the new Firefox v. 10.0.1 update. However, PSI v. 2.0.0.3001 is still reporting that my unpatched Firefox v. 10.0.0 is secure.

The Secunia Vulnerability Report for Firefox 10.x at http://secunia.com/advisories/product/39619/ currently shows that there are 0 for 0 security advisories and states that "There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied."

--
Vista Home Premium SP2 32-bit * NIS 2013 v. 20.5.0.28 * IE 9 * FF v. 31.0 * PSI v. 2.0.0.3003

Post "RE: Security Advisory for Firefox v. 10.0.1?" has been selected as an answer.
mogs RE: Security Advisory for Firefox v. 10.0.1?
Expert Contributor 12th Feb, 2012 17:08
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@imacri

I would think it will be an item for Support when in the office tomorrow. Meanwhile, FF10 is showing as secure...as you state by the Secunia Advisory.
Reading thro' the Mozilla Advisory....it does state that the issues 10.0.1 fixes, have a potential to be exploited....but as yet unproven it seems. Maybe that is one reason. Supposition on my part tho'.

--
Was this reply relevant?
+1
-0
Maurice Joyce RE: Security Advisory for Firefox v. 10.0.1?
Handling Contributor 12th Feb, 2012 19:30
Score: 11711
Posts: 8,954
User Since: 4th Jan 2009
System Score: N/A
Location: UK
By following the Mozilla notification this alleged vulnerability was "found" by their own staff under the heading MFSA 2012-10

It has been summited as CVE 2012-0452 - details of that submission are here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-...

Note the Status of this CVE.

Candidate

This CVE Identifier has "Candidate" status and must be reviewed and accepted by the CVE Editorial Board before it can be updated to official "Entry" status on the CVE List. It may be modified or even rejected in the future.


Until accepted as an official entry it is highly unlikely Secunia will do anything.

That does not prevent Mozilla pushing out their own security update.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
mogs RE: Security Advisory for Firefox v. 10.0.1?
Expert Contributor 12th Feb, 2012 21:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Thanks very much for that clarification Maurice....I've bookmarked the CVE site for future reference.....very informative....cheers.......

--
Was this reply relevant?
+0
-0
Anthony Wells RE: Security Advisory for Firefox v. 10.0.1?
Expert Contributor 13th Feb, 2012 14:40
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

SA48008 has been issued today dealing with the vulnerability :-

http://secunia.com/advisories/48008/

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
This user no longer exists RE: Security Advisory for Firefox v. 10.0.1?
Member 13th Feb, 2012 15:05
Hi,

Our rules have been updated to corrospond to the advisory. If you scan again, are you shown the correct patched status?
Was this reply relevant?
+0
-0
lmacri RE: Security Advisory for Firefox v. 10.0.1?
Member 14th Feb, 2012 00:08
Score: 42
Posts: 87
User Since: 9th Sep 2009
System Score: N/A
Location: CA
Last edited on 14th Feb, 2012 00:09
on 13th Feb, 2012 15:05, wrote:

If you scan again, are you shown the correct patched status?


Hi Emil:

Yes, I can confirm that my PSI scan is now showing my unpatched Firefox 10.0.0 as insecure and the scan results have a link to the Secunia's Security Advisory SA48008 at http://secunia.com/advisories/48008/ mentioned by Anthony.

Thanks to everyone for your prompt responses.

--
Vista Home Premium SP2 32-bit * NIS 2013 v. 20.5.0.28 * IE 9 * FF v. 31.0 * PSI v. 2.0.0.3003
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability