Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: PSI Does not show "Mozilla Firefox Memory Corruption Vulnerabilit...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
F_BIG PSI Does not show "Mozilla Firefox Memory Corruption Vulnerability SA35798" Except Under "Secure Browsing"
Member 14th Jul, 2009 19:03
Ranking: 4
Posts: 19
User Since: 14th May, 2009
System Score: 100%
Location: US
I think that Secunia needs to change the GUI for PSI. I evaluated PSI when it first came out and could not use it, since I had some issues with Firefox 2 and my stock Avenquest System Suite, as I remember.
However, I started using it again about 10 weeks ago, really appreciated it, and have left it enabled and active most of the time.
Today, I checked my PSI status, and did not look at the Secure Browsing Tab. My bad.
I use the INFOCon Monitor Firefox extension (BTW, it does run okay for me under FF 3.5 if version checking is disabled on it, YMMV.) I have a good, stable FF 2.0.xx profile, and had been adding extensions that worked there for me, which I need, to my FF 3.5.
When I noticed the INFOCon Monitor had gone to YELLOW, I opened up the Storm Center Diary at http://isc.sans.org/diary.html?date=2009-07-14 and found that Secunia had issued SA35798 for FF3.5, which was the browser I was using at the time. I immediately went to PSI and checked the FF 3.5 under the Patched tab. It was shown as being patched. I did not check Secure Browsing, again. Bad #2. I chose the Re-Scan in for FF 3.5 on the patched tab, and nothing came back again.
Now, I'd followed the link to SA35798 from the Storm Center page, so, Why wasn't PSI detecting it? Well, it had, under the Secure Browsing Tab. I just didn't see it because I was not expecting it. (I knew I had an unpatched IE7 issue, so in my mind, that is why Secure Browsing was Red instead of Blue in the PSI application. My Bad #3) At least I hadn't been anywhere that seemed to use SA35798, so I dropped back to FF 2.0.xx for a bit, whew.
So, my plea/rant comes to this: Could Secunia please change the GUI to change the display on the Overview Page (and how about the tab too?) to indicate a status change on the number of insecure browsers? Especially since browser vulnerabilities come and go like the tides? I really hate it when I shoot at my foot, even when I miss.
/s/ F_BIG

Anthony Wells RE: PSI Does not show "Mozilla Firefox Memory Corruption Vulnerability SA35798" Except Under "Secure Browsing"
Expert Contributor 14th Jul, 2009 21:08
Score: 2437
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 14th Jul, 2009 21:11
I concur ; did the same/similar "my bads" & without any outside input , I found out by chance -checking whether Firefox showed as v3.0xx or v3.5 in "secure browsing"; thanks for that update Secunia.
Fortunately , at least I'm running a sandbox & have Chrome back up , so I too seem to have missed my foot.

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Sary RE: PSI Does not show "Mozilla Firefox Memory Corruption Vulnerability SA35798" Except Under "Secure Browsing"
Member 14th Jul, 2009 22:25
Score: 0
Posts: 13
User Since: 15th Mar 2010
System Score: N/A
Location: N/A
Last edited on 15th Jul, 2009 00:29
For F_BIG,

Using another browser, or another version of Firefox, is not necessary if you follow directions on the Mozilla Security Blog found at this address:

<http://blog.mozilla.com/security/2009/07/14/critic...>

Please forgive me, if I misunderstood your post; however, you seem to be using the Internet Storm Center's Infocon in a Firefox extension, and I am wondering why. ISC handler Tom Liston has programmed an icon alert, which you can run in the system tray. Here is the direct-download link at ISC to a zip file, which contains Mr. Liston's tool:

<http://handlers.sans.org/tliston/ISCAlert.zip>

With the Infocon in the system tray, you don't have to open your browser to see it. Or maybe you prefer a hidden taskbar, and I should mind my own business? (Smile)

Thank you for writing to the forum about the need to give more prominence to an insecure browser. I agree with you, and I would like to see a robust indication of trouble located on the patched-programs tab, too. A red box around an insecure browser in the patched-programs list would stick out like a sore thumb.

Best regards,
Sarah

Win XP Home SP-3
PSI ver. 1.5.0.0
Firefox 3.5

Edited to include the most authoritative reference--namely, Mozilla's security experts--and to remove unnecessary reference to other sources. 17:24 CDT.
Was this reply relevant?
+0
-0
Anthony Wells RE: PSI Does not show "Mozilla Firefox Memory Corruption Vulnerability SA35798" Except Under "Secure Browsing"
Expert Contributor 15th Jul, 2009 12:57
Score: 2437
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 15th Jul, 2009 13:00

For Sarah ,
Thank you for those two most useful links . The "red box" in the secure page , I like .
Needs something for the left side of the over view page (& bells & whistles on the "secure browsing" tab ; At my age I need all the help I can get :-o))

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability