Secunia
| forgetaboutit45 | Firefox patch |

24th Feb, 2010 01:57

Ranking: 0 Posts: 1 User Since: 22nd Sep, 2009 System Score: N/A Location: US

I recently came across an issue with Firefox. I was running version 3.5 at the time. Secunia informed me that I had a security issue with that version. I proceeded to go to the Firefox website and upgrade to the most recent version, which is 3.6. I then scanned again and Secunia is still telling me that I still have a security issue. I am running Windows XP Home Edition with service pack three. All of my XP updates are current. What to do?

DeSamuel

-- DeSamuel

| TiMow | RE: Firefox patch |

24th Feb, 2010 07:15

Score: 735 Posts: 728 User Since: 26th Jun 2009 System Score: 100% Location: CH Last edited on 24th Feb, 2010 09:11

As of 18 Feb Firefox 3.6 is flagged insecure by Secunia - cat.4, SA38608 refers. See this thread: http://secunia.com/community/forum/thread/show/358...

This was a third party report, and as of yet has NOT been confirmed by Mozilla, or (as far as I'm aware) verified independently by Secunia.

I downgraded to Ff version 3.5.8, which was indicated as not affected, and as of my last scan 2 days ago, remains secure.

Hope this helps.

TiMow

-- Computing is not yet a perfect science - it still requires humans.

| E.Petersen | RE: Firefox patch |

24th Feb, 2010 08:42

Score: 649 Posts: 1,892 User Since: 1st Jul 2009 System Score: N/A Location: Copenhagen, DK

Hi,

The Secunia researchers verify all exploits before issuing advisories. Please refer to:
http://secunia.com/research/about/
http://secunia.com/products/corporate/VIF/

-- Kind regards, Emil R. Petersen
Secunia PSI Support
Secunia PSI http://secunia.com/vulnerability_scanning/personal

| TiMow | RE: Firefox patch |

24th Feb, 2010 09:02

Score: 735 Posts: 728 User Since: 26th Jun 2009 System Score: 100% Location: CH

Thanks for clarification, Emil. For me, it wasn't clear until now (even referring to your included links). I had been following the other related thread (as in included link above), and the opinion / reality was still somewhat ambiguous.

TiMow

-- Computing is not yet a perfect science - it still requires humans.

| Lee Ving | RE: Firefox patch |

24th Feb, 2010 15:24

Score: -7 Posts: 6 User Since: 16th Dec 2009 System Score: N/A Location: N/A

I have version 3.5.8 and still get the incessant warnings; you just have to ignore the program. It does this with Flash and a few other programs; no matter what you do, Secunia will never stop warning you. You have to put the programs on the ignore list.

| E.Petersen | RE: Firefox patch |

24th Feb, 2010 15:52

Score: 649 Posts: 1,892 User Since: 1st Jul 2009 System Score: N/A Location: Copenhagen, DK Last edited on 24th Feb, 2010 15:54

@Lee Ving

Hi, ignoring software leaves your system exposed to risk. Only ignore software if you feel the threat is acceptable, or have some special reason not to patch a certain program.

Our Flash rules currently work as intended. However, Flash fails to remove older versions of itself, so after patching the insecure version will frequently remain, and be flagged separately (since the detected version is still present).

If you are running Firefox 3.5.8 you are secure, and the PSI should flag you as such. Does the PSI show "3.5.8" in the version field? If so, please rescan, and you really shouldn't be flagged as insecure.

Hope this helps.

-- Kind regards, Emil R. Petersen
Secunia PSI Support
Secunia PSI http://secunia.com/vulnerability_scanning/personal

| Lee Ving | RE: Firefox patch |

24th Feb, 2010 17:24

Score: -7 Posts: 6 User Since: 16th Dec 2009 System Score: N/A Location: N/A

I stand by my statements. Here are the details:

Flash: from the registry version 10.0.45.2 2 I could find no other versions of Flash.

Firefox: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8

Secunia cannot accept these programs. I know all about the OMG your you won't update argument for not ignoring Flash and Firefox; the point is they are updated, and if you want to stop the nagging of Secunia you put them in the ignore category. At this point why would I trust that Secunia, all of a sudden finding there is even newer update? It is a case of the "boy who cried wolf." With the constant warnings you end up ignoring Secunia altogether. It's a choice of slowly adding programs to the ignore list or ignoring Secunia all the time.

| Anthony Wells | RE: Firefox patch |

24th Feb, 2010 17:48

Score: 2165 Posts: 3,021 User Since: 19th Dec 2007 System Score: N/A Location: N/A Last edited on 24th Feb, 2010 17:50

Hello Lee Ving,

The problem you are facing is not PSI "crying wolf" but more your learning how to interpret the information you get. Believe me, if you have PSI showing an insecure version of Flash, you more than likely have an out of date ActiveX .ocx file in the ..\Macromed\Flash\.. folder, somewhere on your computer; either on your main drive or in a back up drive or in an i386 folder.

I will give you some basic advice (sorry if you already know), which may help you explain any problems to us more specifically:-

To help resolve any problem, here are some instructions to help you first of all get the best out of PSI:-

1) use PSI in "advanced" mode;
2) in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available;
3) tell us in which "tab(s)" your problem programme is located;
4) in that tab, click on the + in the box at the left end of the programme, the page will expand;
5) in the expanded page, tell us what is written in the "installation path";
6) in the "toolbox" section, lower down, the link "technical details" should confirm the installation path details;
7) click on the link "open folder" and you will see more details concerning the location of the "problem".

Posting these details will help the Forum help you, if/when you have a problem.

Run a PSI scan with your "ignore rules" set and then delete them (one at a time if you wish, they are easy to reset using the "toolbox" (steps 6/7 above) and using the "ignore program" icon) and run another scan.

Let us know what you find and if you need help dealing with anything. Flash can be tricksy until you know how to deal with it.

Anthony

-- It always seems impossible until it's done. Nelson Mandela

| TiMow | RE: Firefox patch |

24th Feb, 2010 17:57

Score: 735 Posts: 728 User Since: 26th Jun 2009 System Score: 100% Location: CH

Are you sure that PSI is not reporting on elements of older versions, that were not fully removed with the latest update? Flash is well known for this, and even offers a downloadable uninstaller to use before updating. You may have to investigate the file locations to see what you have; or just run the uninstaller, and then re-install Flash.

If you click on my name on the left it will list all replies I've given. Any one near the top relating to Adobe Flash will give more info.

TiMow

-- Computing is not yet a perfect science - it still requires humans.

| Lee Ving | RE: Firefox patch |

24th Feb, 2010 18:54

Score: -7 Posts: 6 User Since: 16th Dec 2009 System Score: N/A Location: N/A

I did get rid of Flash 10d.ocx and rescanned. Secunia said there was no change, then a few seconds later a pop up said I had one program, Firefox, insecure. The stats on that are:

Technical details about this installation of Mozilla Firefox 3.5.x, you can use this information to determine why the Secunia PSI detected the program and the security state of it.
Version Detected: 3.5.6
Installation Path: D:\Program Files\Mozilla Firefox\firefox.exe
Last Inspection of Program: 24th Feb. 2010, 17:02 CET

I have version 3.5.8 installed; deleting Firefox.exe is not an option. There are no 2 other executable files in the folder the updater and crashreporter. Secunia does not see this: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8

I don't see what else can be done. I am not going to uninstall Firefox.

Ok got it, just noticed it was the D:\ drive which is Vista. I never use Vista so I will just ignore Firefox. Secunia is redundant anyway since Firefox alerts me about updates anyway.

| E.Petersen | RE: Firefox patch |

25th Feb, 2010 08:41

Score: 649 Posts: 1,892 User Since: 1st Jul 2009 System Score: N/A Location: Copenhagen, DK

on 24th Feb, 2010 18:54, Lee Ving wrote:
Version Detected: 3.5.6
Installation Path: D:\Program Files\Mozilla Firefox\firefox.exe

Hi,

Version 3.5.6, that you appear to have installed, is not secure. Please refer to: http://secunia.com/advisories/37242

So far, nobody has reported misdirection of Firefox (because the Mozilla dev team upgrade the version numbers of their files), so it's extremely likely that you have not, in fact, applied the update. I have just tried updating from FF 3.5.6 to 3.5.8 via Mozilla's own updating system, and detection works flawlessly.

After updating, please close and reopen Firefox. Alternatively, click the Solution button from the PSI again, and install the patch, or update via Firefox's built-in update mechanism. Then try a rescan, and you should now have version 3.5.8.

Hope this helps.

-- Kind regards, Emil R. Petersen
Secunia PSI Support
Secunia PSI http://secunia.com/vulnerability_scanning/personal

| Lee Ving | RE: Firefox patch |

25th Feb, 2010 16:08

Score: -7 Posts: 6 User Since: 16th Dec 2009 System Score: N/A Location: N/A

I have Windows XP and Vista installed. Secunia was flagging the Vista version. Since I never use Vista I don't need to update it. Thanks

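
The thread resolves once the flagged firefox.exe turns out to sit on a second drive, and the Flash advice points at leftover .ocx files in other folders. The PowerShell below is an added example, not Secunia PSI code and not part of any post: it lists every copy of those files on all local fixed drives with its version and warns when copies disagree. The function names and file-name patterns are assumptions.

```powershell
# Added example, not Secunia PSI code. Lists every copy of the named files on
# all local fixed drives with its version resource, so a stale copy on a second
# OS partition, a backup drive or an i386 folder shows up beside the updated one.

function Get-ProgramCopies {
    param(
        # File-name patterns (assumed): the two programs discussed in the thread.
        [string[]]$Names = @('firefox.exe', 'Flash*.ocx'),
        # Search roots; default is every local fixed disk (DriveType 3), e.g. C:\ and D:\.
        [string[]]$Roots = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
                             ForEach-Object { $_.DeviceID + '\' })
    )
    foreach ($root in $Roots) {
        # Unreadable folders are skipped rather than aborting the scan.
        Get-ChildItem -Path $root -Include $Names -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    # Treat all Flash ActiveX controls as one program, whatever the file suffix.
                    Program        = if ($_.Name -like 'Flash*.ocx') { 'Flash ActiveX' } else { $_.Name }
                    ProductVersion = $_.VersionInfo.ProductVersion
                    FileVersion    = $_.VersionInfo.FileVersion
                    LastWritten    = $_.LastWriteTime
                    Path           = $_.FullName
                }
            }
    }
}

function Get-VersionConflicts {
    param([object[]]$Copies)
    # A program is a conflict when its copies do not all report the same version.
    $Copies | Group-Object Program | Where-Object {
        @($_.Group.ProductVersion | Sort-Object -Unique).Count -gt 1
    }
}

$copies = @(Get-ProgramCopies)
$copies | Sort-Object Program, Path | Format-List

foreach ($conflict in Get-VersionConflicts -Copies $copies) {
    Write-Warning ("{0}: {1} copies with different versions" -f $conflict.Name, $conflict.Count)
    $conflict.Group | ForEach-Object { Write-Warning ("  {0}  {1}" -f $_.ProductVersion, $_.Path) }
}
```

Pass `-Roots` to limit the search to specific volumes or folders instead of walking every fixed disk.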