
Forum Thread: Firefox 16 unsafe

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Mozilla Foundation
And, this specific program:
Mozilla Firefox 16.x

This thread has been marked as locked.
kygin Firefox 16 unsafe
Member 11th Oct, 2012 14:49
Ranking: 0
Posts: 6
User Since: 16th Jan, 2008
System Score: N/A
Location: US
Last edited on 11th Oct, 2012 14:49

Just passing this information along. Yesterday Secunia flagged Firefox 15.0.1 as "end of life." (My settings do not allow automatic download, but rather notification.) I went to the Mozilla site and Firefox 15.0.1 was offered, not 16. I went back and allowed Secunia to download and install Firefox 16. Today I learned that Mozilla pulled Firefox 16 for security reasons and is recommending that users revert to 15.0.1 which is available from their download site. (That was why only 15.0.1 was available when I went there to download before allowing Secunia to do it instead.) My concern is that Secunia downloaded Firefox 16 after Mozilla had declared it unsafe. You may have some users out there running that version, unaware that they should downgrade for security's sake.

Anthony Wells RE: Firefox 16 unsafe
Expert Contributor 11th Oct, 2012 15:28
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Mozilla are suggesting the possibility of going back until there is a 16.x repair ; as I have posted elsewhere :-

Hi ,

Mozilla Firefox version 15.x suffers from a more/"highly" critical unpatched vulnerability in SA50856 :-

http://secunia.com/advisories/50856/

I would say that the best (current) solution is to make sure you :

either use an alternative browser (note that IE8 has a well known vulnerability of similar criticality to the one in version 16.x .)

or use your best safe browsing rules and avoid visiting unqualified sites where possible .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
kygin RE: Firefox 16 unsafe
Member 11th Oct, 2012 15:32
Score: 0
Posts: 6
User Since: 16th Jan 2008
System Score: N/A
Location: US
Thank you for replying. FWIW, I searched for "firefox 16" before I posted and nothing current was returned.
Anthony Wells RE: Firefox 16 unsafe
Expert Contributor 11th Oct, 2012 15:59
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Most of the comments are probably under a 15.0.1 heading or the Secunia Advisory .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
monastic RE: Firefox 16 unsafe
Member 11th Oct, 2012 16:07
Score: 0
Posts: 1
User Since: 23rd Jun 2011
System Score: N/A
Location: N/A
Thank you for the information re: Firefox 16. I was perplexed when Secunia flagged Firefox 15.0.1 as end of life but would not allow an update. I'm not enjoying Firefox as much as I did when it first came on the Browser scene. It's slow and buggy. But I do love the add on especially https everywhere and no squint. But I now use Chrome when I feel the need for speed.
Anthony Wells RE: Firefox 16 unsafe
Expert Contributor 11th Oct, 2012 16:20
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

I find the current Ff pretty fast but it is not overloaded with whistles and bells ; Colourful Tabs and NoSquint are absolutely essential .

In comparison of course , my Dev Channel Chrome is more Usain Bolt ; it just needs something like NoSquint ; especially for websites like this Secunia nightmare ; his parents should send the "webmaster!!!" to bed earlier .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
rich.sec RE: Firefox 16 unsafe
Member 11th Oct, 2012 19:31
Score: 0
Posts: 2
User Since: 29th Dec 2010
System Score: N/A
Location: N/A
PSI actually did just upgrade me to FF 16.0, I had to manually downgrade and then quickly launch the UI and tell it to ignore FF before it upgraded me again.

(I say "quickly" but there is nothing quick about launching the PSI UI... although it probably works fine if you live in Denmark and have 100Mbps internet.)
rich.sec RE: Firefox 16 unsafe (not anymore)
Member 11th Oct, 2012 20:20
Score: 0
Posts: 2
User Since: 29th Dec 2010
System Score: N/A
Location: N/A
They just pushed FF16.0.1.
Mynah Bird RE: Firefox 16 unsafe
Member 11th Oct, 2012 22:14
Score: 8
Posts: 33
User Since: 26th Apr 2012
System Score: N/A
Location: US
Is Firefox 16.0.1 still unsafe? My secure browsing, version 2.0.0.4003 is still showing it as unsafe--SA50932, with no vendor solution.
Websafe RE: Firefox 16 unsafe
Member 11th Oct, 2012 22:53
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: 100%
Location: NL
Hello all,

Same here as Mynah Bird has posted.
After a full PSI scan Firefox is correctly recognized as Firefox.exe 16.0.1.4666.
Under the secure browsing Mozilla Firefox is still recognized as Unpatched according to SA50932. Link:
http://secunia.com/advisories/50932/
Which shows as Original Advisory
Mozilla:
http://blog.mozilla.org/security/2012/10/10/securi...

This blog shows the vulnerability has been fixed.
So it seems a false positive to me, but I'm not sure!

Anyone else an idea SA50932 has been fixed?

Windows XP-home SP3,
Secunia PSI 2.0.0.3003

Websafe
Anthony Wells RE: Firefox 16 unsafe
Expert Contributor 11th Oct, 2012 22:56
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

16.0.1 was released at 12.00 PT and fixes the vulnerability in SA50932 :-

https://blog.mozilla.org/security/2012/10/10/secur...

you will need to be patient until Secunia update the SA and correct the PSI detection rules ; not likely before tomorrow Friday the 12th CET .

Hope that is helpful .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Mynah Bird RE: Firefox 16 unsafe
Member 11th Oct, 2012 22:58
Score: 8
Posts: 33
User Since: 26th Apr 2012
System Score: N/A
Location: US
@Anthony--as always you provided the answer. Thanks.
Anthony Wells RE: Firefox 16 unsafe
Expert Contributor 11th Oct, 2012 23:01
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Full details of 16.0.1 are here:-

http://www.mozilla.org/en-US/firefox/16.0.1/releas...

--


It always seems impossible until its done.
Nelson Mandela
