Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Firefox ESR not detected correctly

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
OSI

This thread has been marked as locked.
osibem Firefox ESR not detected correctly
Member 10th Jan, 2013 10:44
Ranking: 0
Posts: 1
User Since: 10th Jan, 2013
System Score: N/A
Location: DE
Last edited on 10th Jan, 2013 10:45

Firefox 17.0.1 ESR is installed, and OSI tells me, latest safe Version is 18.x, which is not true for ESR, because 17.0.2 ESR is the latest safe version for Firefox ESR. So, OSI should detect if Firefox is ESR or not.

E.Jeppesen RE: Firefox ESR not detected correctly
Secunia Official 11th Jan, 2013 10:31
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
Thank you for reporting. We are aware of the issue but unfortunately Mozilla has not made any differences in the file version information between the ESR edition and the regular edition of Firefox 17.x. This means that Firefox ESR version 17.0 and 17.0.1 will be detected as the regular Firefox and not the ESR editions, while in fact they should not be detected at all since they are not stable versions.
Please see this link for details:
https://wiki.mozilla.org/Enterprise/Firefox/Extend...
Anthony Wells RE: Firefox ESR not detected correctly
Expert Contributor 11th Jan, 2013 15:37
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Emil ,

This has been a problem waiting to happen as per this thread :-

http://secunia.com/community/forum/thread/show/135...

As far as ESR "not being stable" - it's users and specifically "organisations" will no doubt be surprised to hear that - so I think your post here to that effect is not exact - see your post of 27/11/2012 @ 1604 in the above linked thread and the following are more up to date Mozilla links than yours :-

http://www.mozilla.org/en-US/firefox/organizations...

and

http://www.mozilla.org/en-US/firefox/organizations...

This is a predicted ongoing problem now and will reoccur at the next platform split . I worry that Firefox ESR platform 17.x users who run the PSI version 3.x or xSI will suffer "incorrect updates" from ESR 17.x (to version 18.x of the release channel) unless you get to grips with the detection rules ASAP .

Take care

Anthony




--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
wr RE: Firefox ESR not detected correctly
Contributor 11th Jan, 2013 20:00
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Hi all

Maybe I'm confused but I don't think Firefox ESR
is at 17.x yet. I only received a automatic notification
of an ESR update on or about Jan 8th-this was from 10.0.11 to 10.0.12 which I installed problem free.

I run PSI v1.5.0.2 & after M$ Patch Tuesday my
ESR version of Ff was correctly identified as
10.0.12.4751. This was after installing all the Patches
my system required & rebooting several times then
doing a PSI system scan.

If I understand all my observations correctly v17.x is
the last stable version available-v18.x is in Beta.

Hope this helps.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
Anthony Wells RE: Firefox ESR not detected correctly
Expert Contributor 11th Jan, 2013 23:14
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 11th Jan, 2013 23:26
Hello wr ,

Firefox 17.0.1 was insecure and was updated on or about 09/01/2013 to Stable (definitely not Beta) 18.0 on the release channel and 17.0.2 on the ESR channel ; you can get ESR here :-

http://www.mozilla.org/en-US/firefox/organizations...

If you scroll down the 17.0.2 listing listing , you will come to a 10.0.12 listing which may well continue for now , as it seems it might have more localised versions ; some of which are not yet complete , see third listing at the end ; but I'm guessing there .

EDIT I found this on WIKI :-

QUOTE : At Firefox 17 and Firefox 18, there would be two ESR versions supported. Respectively, ESR 10.0.11 and ESR 17.0.0; ESR 10.0.12 and ESR 17.0.2. Finally, when Firefox reaches 19.0, ESR 10 would go end-of-life alongside the release of ESR 17.0.2. The cycle repeats again.
When ESR 10.0.x reaches end-of-life the automatic Firefox Updater will prompt users to update to ESR 17.0.x.[113] :UNQUOTE

which is not entirely accurate but gives you the gist of things .


So Support/Emil will need to keep all three platforms listed in their rules :-

10.x ESR , 17.x ESR and 18.x + future release channels .

Am due to have my eyes stabbed over the next couple of weeks (23rd and 30th) , so hope soon to be seeing you in a new light OGSO :))

Have a good 2013 .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
wr RE: Firefox ESR not detected correctly
Contributor 12th Jan, 2013 01:46
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Last edited on 12th Jan, 2013 01:47
Hello Anthony

Thanks for the 'enlightenment' on the 3 different
platforms of Firefox. I wasn't aware of that fact.
I just know I automatically get notification of the
updates as they become available for the esr
10.x version.

I sure hope all goes well with the 'eye stabbing'-
mine still aren't 'ripe' enough yet.

I wish you a happy & prosperous 2013 as well.
Hope the new light isn't blinding!

Take care-OGSO
EDIT:spelling

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability