Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Firefox 3.6 shows as insecure
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
PSI
| Snoopy | Firefox 3.6 shows as insecure |
|---|---|
 |
27th Feb, 2010 09:49 |
|
Ranking: 1 Posts: 6 User Since: 31st Dec, 2007 System Score: N/A Location: N/A |
Yesterday I upgraded to Firefox 3.6 as PSI indicated that version 3.5 was insecure. After running a scan PSI still shows Firefox 3.5 as insecure. I looked in the folder where the Firefox exe file is located. The date last modified shows a date of 1-15-10. In fact, most of the files in the folder show the older date. However, when I open Firefox using this exe file, the version is indicated as 3.6. This has never happened in previous upgrades to Firefox. Does anyone know why the exe and other files are not updated when I install the Firefox upgrade file? Does PSI use the date modified to identify which version I have installed? |
| Anthony Wells | RE: Firefox 3.6 shows as insecure | ||||||||
|
27th Feb, 2010 10:33 | ||||||||
| Score: 2324 Posts: 3,203 User Since: 19th Dec 2007 System Score: N/A Location: N/A |
Hello snoopy , Beig long in the tooth , but new to posting on te forum , I will give you some basic advice (sorry if you already know) , which may help you explain any problems to us more specifically :- To help resolve any problem , here are some instructions to help you first of all get the best out of PSI :- 1)use PSI in "advanced" mode ; 2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ; 3)tell us in which "tab(s)" your problem programme is located ; 4)in that tab , click on the + in the box at the left end of the programme , the page will expand ; 5)in the expanded page , tell us what is written in the "installation path" ; 6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ; 7)click on the link "open folder" and you will see more details concerning the location of the "problem" . Posting these details will help the Forum help you , if/when you have a problem . I have the same time stamp on my Firefox.exe file for my 3.6 ; Secunia do not always use obvious/expected files in their detection rules . It is likely that PSI has found old 3.5 files lurking somewhere on your machine . Concerning 3.5 and 3.6 updates , you might like to read this :- http://secunia.com/community/forum/thread/show/359... Let us know how you get on . Anthony -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| Snoopy | RE: Firefox 3.6 shows as insecure | ||||||||
|
|
27th Feb, 2010 18:33 | ||||||||
| Score: 1 Posts: 6 User Since: 31st Dec 2007 System Score: N/A Location: N/A |
Hi Anthony, Thanks for the response. I am an experienced PSI user. No need to apologize for advising me on how to report my issues. I should have listed more information on my post. I am also aware of the thread you indicated at the bottom of your post. I just thought someone might have had a similar issue and had found a solution. I'm reluctant to uninstall the older version before I install a new version because I do not want to re-install all of the "extras" I use with Firefox. I read the install log after I installed the upgrade and everything appeared to be normal. You're right when you say that Secunia sometimes has some odd connections when it tries to determine what version is insecure. I also use Chrome and I always have to delete the old set of folders when I upgrade. However, this is not possible with Firefox as everything remains in the same folder. I guess we will have to wait for Secunia/Mozilla to resolve this issue. Snoopy |
||||||||
|
|||||||||
| TiMow | RE: Firefox 3.6 shows as insecure | ||||||||
|
27th Feb, 2010 19:50 | ||||||||
| Score: 738 Posts: 728 User Since: 26th Jun 2009 System Score: 100% Location: CH |
@Snoopy FYI, I reverted back from Ff. 3.6 to previous version 3.5.8, as a precautionary measure, last week. I did not uninstall 3.6, prior to downloading / installing 3.5.8 and did this in the normal way as is the case with Ff. - the downloaded version overwriting the existing version. All my settings, add-ons, bookmarks, history etc. remained in tact. Up to and including a PSI scan today it`s showing "green and clean" under secure browsing. TiMow -- Computing is not yet a perfect science - it still requires humans. |
||||||||
|
|||||||||
| This user no longer exists | RE: Firefox 3.6 shows as insecure | ||||||||
|
|
1st Mar, 2010 08:43 | ||||||||
on 27th Feb, 2010 09:49, Snoopy wrote: Yesterday I upgraded to Firefox 3.6 as PSI indicated that version 3.5 was insecure. After running a scan PSI still shows Firefox 3.5 as insecure. I looked in the folder where the Firefox exe file is located. The date last modified shows a date of 1-15-10. In fact, most of the files in the folder show the older date. However, when I open Firefox using this exe file, the version is indicated as 3.6. Hi, Please try using Firefox's internal update system. There is a chance you missed a patch. Are you shown as secure by Firefox's own patcher? Have you tried clicking the Solution button from the PSI again? There may be incremental patches to consider. Hope this helps. |
|||||||||
|
|||||||||
| Snoopy | RE: Firefox 3.6 shows as insecure | ||||||||
|
|
1st Mar, 2010 23:16 | ||||||||
| Score: 1 Posts: 6 User Since: 31st Dec 2007 System Score: N/A Location: N/A |
OK. I installed Firefox 3.5.8 over version 3.6 and ran a Secunia PSI scan. Same story - Firefox is insecure. So I tried the Firefox internal updater which installed version 3.6 and ran another PSI scan. Once again it detects Firefox version 3.5.6 and shows it insecure. And yes, I did try the Solution button in PSI. However, this time all of the files in the Mozilla Firefox folder show 3/1/2010 as the date modified. You said there's a chance I missed a patch. Shouldn't updating to version 3.6 include all past patches? You ask: "Are you sure shown as secure by Firefox's own patcher?" How can I check this in Firefox? Snoopy |
||||||||
|
|||||||||
| This user no longer exists | RE: Firefox 3.6 shows as insecure | ||||||||
|
|
2nd Mar, 2010 08:52 | ||||||||
| Hi, To see which version Firefox says you have install, you can click "Help > About Mozilla Firefox" which should show you a version number. This needs to be either 3.5.8 or higher. If it is, you are secure. Refer to: http://secunia.com/advisories/37242 What is the "path" to Firefox? If you click + to expand the entry, it would help if you posted the field "Installation Path" here. Is it shown in the Insecure tab, or does it show a vulnerability in the Secure Browsing tab? The Secure Browsing tab, provididing an extra feature, shows even exploits you cannot patch, to help you assess which of your browsers are secure for surfing. Firefox currently has an unpatched vulnerability. If it is only shown in Secure Browsing, you have done all you can. Hope this helps. |
|||||||||
|
|||||||||
| Snoopy | RE: Firefox 3.6 shows as insecure | ||||||||
|
|
4th Mar, 2010 20:56 | ||||||||
| Score: 1 Posts: 6 User Since: 31st Dec 2007 System Score: N/A Location: N/A |
Hi Emil, Just wanted to let you know that as of today's PSI scan, my Firefox v3.6 now shows as secure. Thanks for your assistance. Snoopy |
||||||||
|
|||||||||
