navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Insecure browser

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Mozilla Foundation
And, this specific program:
Mozilla Firefox 3.5.x

This thread has been marked as locked.
oldyorkie Insecure browser
Member 17th Jul, 2009 02:45
Ranking: 6
Posts: 32
User Since: 7th Aug, 2008
System Score: 100%
Location: UK
Last edited on 17th Jul, 2009 04:17

HA HA....not really a laughing matter but....I have the latest versions of both IE8 and FF 3.5....both of these are showing up as Insecure browsers...IE8 states "Minimum 3 attack vectors"....FF states "Minimum 3 critical attack vectors".

I stopped using IE because of this....now my preferred browser gone even less secure!!

Would you recommend using yet another browser...say Safari, for example....or just carry on using existing, but paying attention to links whilst surfing?...assuming a fix coming very soon from vendors....bearing in mind that IE8 has been showing up as insecure with no fix for past 2 months!!

NB..I have just installed 3.5.1 thinking it would make a difference (released 16/07/09)....not one bit!!

Thanks
oldyorkie

--

HP dv7
3.00GB RAM
Win 7 Home Premium 64 bit
AMD Phenom P820 II Triple Core
IE 9

Maurice Joyce RE: Insecure browser
Handling Contributor 17th Jul, 2009 11:38
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I only use IE8. Having read details of the minor security issue with this browser I am carrying on (with caution) using it until Microsoft issue a patch.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
Rosanne RE: Insecure browser
Member 17th Jul, 2009 12:03
Score: 0
Posts: 6
User Since: 13th Nov 2008
System Score: N/A
Location: N/A
FF 3.5.1 has 3 attack vectors according to Secunia, 2 classified as Moderately Critical regarding Sun Java ( Sun has promised a patch for these bugs late July , hopefully they mean 2009 )
The Highly Critical bug from RealPlayer is found in build 6.0.14.748,
the latest version 955 should not be vulnerable.
So in conclusion FF 3.5.1 ought to be a very safe browser.

IE8 is plagued by getPlus ActiveX-bugs, and with the Dinosaur's behaviour of MS we customers have to be patient and wait for the appropiate patches
Was this reply relevant?
+0
-0
Anthony Wells RE: Insecure browser
Expert Contributor 17th Jul, 2009 16:54
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Ff v3.5.1 fixes the.jit bug & so it should no longer show as being itself vulnerable in "secure browsing" ; something like the Ff "add on" NoScript might make you feel more secure until there is a fix for the "no solution" Java vulnerability.

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
wr RE: Insecure browser
Contributor 17th Jul, 2009 20:50
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
Here's my .02 worth on IE8 & FF3.5.1 to oldyorkie, yes the latest v. fixed the .jit patch as Anthony Wells pointed out & I also agree w/ him on using NoScript as added protection, yes it can be a NaggingNanny but my take on the subject is I'd rather be nagged than hacked.

Regarding IE8, I read somewhere within the last 2 days that M$ was suggesting to rollback to IE7 rather than wait for patch(s) to IE8 as they had released additional patches for IE7. The author of the article gave no M$ reason for this, but my personal opinion is that rather than release patches for IE8 which probably will be included in new release of Win 7-except in Europe-the OEM v. will be "new" IE8 & then the patches will be released to general public. So follow Maurice Joyces' suggestion he posted earlier in this thread.

BTW Rosanne, I liked your assessment of when Java(tm) might issue a patch. Hopefully in this decade. I'm just glad we have a company like Secunia to point out these insecurities and give us the opportunity and options to make our systems more secure. Thanks Secunia for all you do & your support.

Now that I've exhausted most of my mental/technical capacity I hope everyone has a very enjoyable weekend.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.3.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
3Simplex RE: Insecure browser
Member 29th Jul, 2009 16:28
Score: 0
Posts: 3
User Since: 16th Feb 2009
System Score: N/A
Location: N/A
Although this may be more complicated for IE users. The FF user could get Chrome to work for them, I switched from FF to Chrome when it first came out just for the clean interface and the top of the line security features. I do use the Dev branch of Chrome and have not been bothered by any small instability. Now and then I do have to reload the page to get properly displayed pages, and I have to trick websites into believing i'm using safari because many sites discriminate the Chrome name. With my bag of tricks I can use chrome to watch "Instant" Netflix and surf unhindered by lazy web developers who don't want to accept that chrome really does work on their site without any major changes to their code.

Google Chrome "Dev" does not now, and has not ever shown as a vulnerability. (Perhaps only due to the laziness of other developers?)
Was this reply relevant?
+0
-0
Handries RE: Insecure browser
Member 29th Jul, 2009 20:32
Score: 1
Posts: 3
User Since: 9th Apr 2008
System Score: N/A
Location: CA
As browsers I have IE8, Maxthon 2.5.3, Firefox 3.51 and Opera 10 installed and the latter seems to be the safest of the lot, so I'm using that one as my default browser.
Was this reply relevant?
+0
-0
oldyorkie RE: Insecure browser
Member 5th Aug, 2009 21:16
Score: 6
Posts: 32
User Since: 7th Aug 2008
System Score: 100%
Location: UK
Many Thanks for all your inputs ref this ;-)

I have now (like many) updated to FF 3.5.2 and my "secure browsing" within PSI now showing as all issues with FF now being fixed....IE8 now only has 1 security issue as discussed in your posts.

Thankyou very much for your continued feeds in this forum.

--

HP dv7
3.00GB RAM
Win 7 Home Premium 64 bit
AMD Phenom P820 II Triple Core
IE 9
Was this reply relevant?
+0
-0
wr RE: Insecure browser
Contributor 5th Aug, 2009 21:21
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US

Good to hear from you oldyorkie & good to know "we" finally got @ least one secure browser-hopefully it'll stay that way for awhile.

Regards, wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.3.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
oldyorkie RE: Insecure browser
Member 5th Aug, 2009 21:29
Score: 6
Posts: 32
User Since: 7th Aug 2008
System Score: 100%
Location: UK
on 5th Aug, 2009 21:21, wr wrote:
Good to hear from you oldyorkie & good to know "we" finally got @ least one secure browser-hopefully it'll stay that way for awhile.

Regards, wr


LOL. Fingers crossed!

Take Care
oldyorkie

--

HP dv7
3.00GB RAM
Win 7 Home Premium 64 bit
AMD Phenom P820 II Triple Core
IE 9
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+