navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Google Chrome old version, and Firefox.bak

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
xSI

This thread has been marked as locked.
libove Google Chrome old version, and Firefox.bak
Member 29th May, 2013 08:14
Ranking: 31
Posts: 71
User Since: 12th Feb, 2008
System Score: N/A
Location: N/A
I notice that xSI/ SmallBusiness reports Google Chrome (old) versions as needing manual intervention.

It also reports the Firefox.bak as needing manual intervention.

On the one hand, the simple presence of an executable could give a path to a smart-enough attack to leverage an old security vulnerability. On the other hand, this is how Chrome and Firefox's updating procedures work now. So reporting it as needing a manual intervention which neither the user's experience nor the software companies' designs really allow for, is not helpful.

Usually, I have a concrete solution to offer. In these two cases, I just can't. It probably requires a conversation by Secunia with both Google's Chrome team and Mozilla's Firefox team.

Good luck!

E.Jeppesen RE: Google Chrome old version, and Firefox.bak
Secunia Official 29th May, 2013 08:39
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
For these issues please see our FAQ. We have two entries that are relevant.
http://secunia.com/vulnerability_scanning/personal...
http://secunia.com/vulnerability_scanning/personal...
libove RE: Google Chrome old version, and Firefox.bak
Member 29th May, 2013 10:02
Score: 31
Posts: 71
User Since: 12th Feb 2008
System Score: N/A
Location: N/A
I don't see how these FAQ entries help. Me contacting Google and Mozilla about how Secunia's products react to their leaving the just-previous version present on the system is unlikely to provoke much reaction from them, nor really should it.

Perhaps a conversation with those vendors about assuring that those programs are left behind in a recoverable but not immediately usable state, to avoid them being security threats, is sensible, but frankly I think that is better brought up by a security research firm (Secunia) than by the users.

Knowing where the old versions are stored is easy. Knowing whether it is at all a wise thing for a user to do to remove them manually - especially with PSI and SmallBusiness - is out of character of the audience for these individual/ small business programs, even if it wasn't an inefficient use of very limited IT resources to have to manually respond.

I re-submit that, although I don't have a specific suggestion in this rare case, I do think that this is something on which Secunia, as a respected security firm, should propose reasonable solutions, both for its users and to the software makers (Google, Mozilla).

Thank you.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+