navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: insecure program

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Mozilla Foundation
And, this specific program:
Mozilla Firefox 3.5.x

This thread has been marked as locked.
bywhatnow insecure program
Member 29th Jul, 2009 22:23
Ranking: 0
Posts: 2
User Since: 4th Dec, 2008
System Score: N/A
Location: N/A
The scan showed that my Mozilla FireFox 3.5.1 was in need of a patch. I have gone to their site four (4) times and downloaded and installed the "latest" Firefox (3.5.1) I have also opened my Firefox and checked for updates. After all this I still get an unpatched message about Firefox. Is this a glitch or is Firefox still unpatched even after the update?

wr RE: insecure program
Contributor 30th Jul, 2009 01:29
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: 100%
Location: US
No patch yet from FF: http://secunia.com/advisories/36001/

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.3.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
bjm__ RE: insecure program
Member 30th Jul, 2009 07:22
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Last edited on 30th Jul, 2009 07:27
To: bywhatnow,

FF 3.5.1 still has a known unpatched security vulnerability...read the link offered by wr.
FF is as patched as it can be and your still vulnerable.
Secunia can't fix FF.
The beauty of PSI 1.5 is that you've been informed you have done all you can do to be safe and sometimes that just ain't enough. PSI 1.5 gives you information that you cannot get anywhere else and the cost is very reasonable considering the amount of time, effort and hard work involved keeping you informed.
The information is all there...all you have to do is use it.
__________________________________________________ ________________
URL bar spoofing vulnerability

07.28.09 - 03:40pm

Issue

The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page.

Impact to users

If a user visits a page hosting this malicious code, a new window or tab can be opened with a faked URL. There is no way of determining if the URL is authentic. This could result in the user disclosing confidential information to the malicious site, known as a phishing attack.

Status

This vulnerability is known to affect all current versions of Firefox. Mozilla is actively working on fixing this vulnerability. Users can mitigate this vulnerability by only sharing confidential information with websites that were opened from a bookmark, a trusted source, or by manually opening a new tab or window and entering a URL.
__________________________________________________ ____________________
Regards
bjm_
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+