Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Insecure Browser

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
This user no longer exists Insecure Browser
Member 28th Jun, 2009 21:13
Ranking: 0
Posts: 1
User Since: 1st Jan, 1970
System Score: N/A
Location: N/A
I use both Firefox and IE8. Firefox is reported secure. IE8 insecure. Adobe Flash player 9 is showing as the problem.
FP 10 is also loaded and patched - secure.

FP9 File is actually in my 3 mobile USB modem program files.

File path: C:\Program Files\3\3connect\Flash.ocx
Adobe Flash Player 9.x (ActiveX Control) version 9.0.115.0
How would I go about fixing this issue?

Otherwise PSI reports 59 of 60 programs secure, score 98%.

eSKzHvZreJxktYLUd4jN1oy... RE: Insecure Browser
Member 2nd Jul, 2009 15:43
Score: -1
Posts: 82
User Since: 7th Dec 2009
System Score: N/A
Location: N/A
It's often a tricky situation when insecure software is bundled with other software. The PSI will point to the official patch from the vendor of the insecure program, but when the program is bundled with something else and not in the standard location, the patch from the vendor may not be applicable. You can delete the insecure file of course, but then the program (the 3 mobile USB modem in this case) may not work. So there is really no good way to solve this issue.

I have these suggestions:
- Contact the vendor of this "3 mobile USB modem" and ask how to use their product in a secure manner, without depending on vulnerable 3. party software. They ought to have a solution, but speaking from experience one should not be too sure.
- Create an ignore rule in the PSI.
Was this reply relevant?
+0
-0
Anthony Wells RE: Insecure Browser
Expert Contributor 2nd Jul, 2009 16:17
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 2nd Jul, 2009 16:18
Creating an ignore rule stops Secunia from displaying the problem after the scan & tends to defeat the object of making your computer secure where there is a solution available (somewhere ??) . Flash insecurities on USB's remind me of "Conficker" or should that be "Gamblar".

If you expand your insecure program + link ( in advanced mode ) you will see "Installation path" & below that "toolbox". If you click on the "open folder" link in "toolbox" you will be able to see the offending folder/files & hopefully give an idae how to update to the latest version of Flash .
As a non-techie I can't tell you how to actually do that ; although I could probably get there by trial & error or by 'phoning a friend.

Secunia is telling you there is a risk & Adobe have an update to "secure" the software until the next attack/patch appears.

It is entirely your choice on what you do & how you do it. The Forum is here to help find answers that work (hopefully !:o))

Take care
Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability