Secunia CSI7
Create Profile
Our Commitment
Open Discussions
My Threads
Create Thread

Forum Thread: Google Chrome old version, and Firefox.bak

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

This thread has been marked as locked.
libove Google Chrome old version, and Firefox.bak
Member 29th May, 2013 08:14
Ranking: 31
Posts: 71
User Since: 12th Feb, 2008
System Score: N/A
Location: N/A
I notice that xSI/ SmallBusiness reports Google Chrome (old) versions as needing manual intervention.

It also reports the Firefox.bak as needing manual intervention.

On the one hand, the simple presence of an executable could give a path to a smart-enough attack to leverage an old security vulnerability. On the other hand, this is how Chrome and Firefox's updating procedures work now. So reporting it as needing a manual intervention which neither the user's experience nor the software companies' designs really allow for, is not helpful.

Usually, I have a concrete solution to offer. In these two cases, I just can't. It probably requires a conversation by Secunia with both Google's Chrome team and Mozilla's Firefox team.

Good luck!

E.Jeppesen RE: Google Chrome old version, and Firefox.bak
Secunia Official 29th May, 2013 08:39
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
For these issues please see our FAQ. We have two entries that are relevant.
libove RE: Google Chrome old version, and Firefox.bak
Member 29th May, 2013 10:02
Score: 31
Posts: 71
User Since: 12th Feb 2008
System Score: N/A
Location: N/A
I don't see how these FAQ entries help. Me contacting Google and Mozilla about how Secunia's products react to their leaving the just-previous version present on the system is unlikely to provoke much reaction from them, nor really should it.

Perhaps a conversation with those vendors about assuring that those programs are left behind in a recoverable but not immediately usable state, to avoid them being security threats, is sensible, but frankly I think that is better brought up by a security research firm (Secunia) than by the users.

Knowing where the old versions are stored is easy. Knowing whether it is at all a wise thing for a user to do to remove them manually - especially with PSI and SmallBusiness - is out of character of the audience for these individual/ small business programs, even if it wasn't an inefficient use of very limited IT resources to have to manually respond.

I re-submit that, although I don't have a specific suggestion in this rare case, I do think that this is something on which Secunia, as a respected security firm, should propose reasonable solutions, both for its users and to the software makers (Google, Mozilla).

Thank you.
Was this reply relevant?

This thread has been marked as locked.

 Products Solutions Customers Partner Resources Company
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
Technology Partners
 About us

© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer