Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Secure Browsing: JRE 32-bit and 64-bit

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Sun Microsystems
And, this specific program:
Oracle Java JRE 1.5.x / 5.x

This thread has been marked as locked.
lamaslany Secure Browsing: JRE 32-bit and 64-bit
Member 2nd Jul, 2009 10:43
Ranking: 22
Posts: 19
User Since: 8th May, 2009
System Score: N/A
Location: N/A
After upgrading Secunia PSI to 1.5.0.0 it warned me that there was a problem with my browser security. To my suprise however it listed IE8 (admittedly 64-bit) as being the most secure!

It seems that the problem was my installation of Sun Java. I run JRE 1.5.x as a dependancy for a couple of apps but I had JRE 1.6.x as my default system-wide JRE - which I assumed was being used by my browsers.

Unfortunately I had not paid enough attention to the JRE release notes...

I run 64-bit Windows (x64) and had installed the 64-bit JRE (now that 64-bit is *finally* supported). The problem is that the 64-bit JRE is not used by the 32-bit browsers. Instead my browsers have been using the 32-bit JRE 1.5.x install!


I have since installed the latest 32-bit JRE 1.6.x and it fixed a couple of the references but I have a problem with "C:\Program Files (x86)\Java\jre1.5.0_19\bin\java.exe" pertaining to SA17478 (http://secunia.com/advisories/17478/) in both IE and Firefox. Is there any known way to de-reference this JRE instance completely for Firefox (and preferably IE)?

Many thanks,

Anthony Wells RE: Secure Browsing: JRE 32-bit and 64-bit
Expert Contributor 2nd Jul, 2009 17:29
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

If you JRE 1.5 dependent , open the insecure program + link (advanced mode) look in "toolbox" and click on "ignore program" & and it will create an "ignore rule" . Click save & you can see it in the settings tab - you can write your own rules using the same format. PSI still scans the file , it just doesn't report it - so don't forget it is there

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
lamaslany RE: Secure Browsing: JRE 32-bit and 64-bit
Member 12th Aug, 2009 10:46
Score: 22
Posts: 19
User Since: 8th May 2009
System Score: N/A
Location: N/A
I had considered adding it as an exception but I'd rather it flag it as insecure than have PSI stop reporting on it. Otherwise if a new advisory/update is issued that makes the application an unacceptable risk I would not be informed.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability