navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Firefox 3.6 shows as insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
Snoopy Firefox 3.6 shows as insecure
Member 27th Feb, 2010 09:49
Ranking: 1
Posts: 6
User Since: 31st Dec, 2007
System Score: N/A
Location: N/A
Yesterday I upgraded to Firefox 3.6 as PSI indicated that version 3.5 was insecure. After running a scan PSI still shows Firefox 3.5 as insecure. I looked in the folder where the Firefox exe file is located. The date last modified shows a date of 1-15-10. In fact, most of the files in the folder show the older date. However, when I open Firefox using this exe file, the version is indicated as 3.6.

This has never happened in previous upgrades to Firefox. Does anyone know why the exe and other files are not updated when I install the Firefox upgrade file? Does PSI use the date modified to identify which version I have installed?

Anthony Wells RE: Firefox 3.6 shows as insecure
Expert Contributor 27th Feb, 2010 10:33
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello snoopy ,

Beig long in the tooth , but new to posting on te forum , I will give you some basic advice (sorry if you already know) , which may help you explain any problems to us more specifically :-

To help resolve any problem , here are some instructions to help you first of all get the best out of PSI :-

1)use PSI in "advanced" mode ;
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ;
3)tell us in which "tab(s)" your problem programme is located ;
4)in that tab , click on the + in the box at the left end of the programme , the page will expand ;
5)in the expanded page , tell us what is written in the "installation path" ;
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ;
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .

Posting these details will help the Forum help you , if/when you have a problem .

I have the same time stamp on my Firefox.exe file for my 3.6 ; Secunia do not always use obvious/expected files in their detection rules .

It is likely that PSI has found old 3.5 files lurking somewhere on your machine .

Concerning 3.5 and 3.6 updates , you might like to read this :-

http://secunia.com/community/forum/thread/show/359...

Let us know how you get on .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+10
-0
Snoopy RE: Firefox 3.6 shows as insecure
Member 27th Feb, 2010 18:33
Score: 1
Posts: 6
User Since: 31st Dec 2007
System Score: N/A
Location: N/A
Hi Anthony,

Thanks for the response. I am an experienced PSI user. No need to apologize for advising me on how to report my issues. I should have listed more information on my post. I am also aware of the thread you indicated at the bottom of your post.

I just thought someone might have had a similar issue and had found a solution. I'm reluctant to uninstall the older version before I install a new version because I do not want to re-install all of the "extras" I use with Firefox. I read the install log after I installed the upgrade and everything appeared to be normal.

You're right when you say that Secunia sometimes has some odd connections when it tries to determine what version is insecure. I also use Chrome and I always have to delete the old set of folders when I upgrade. However, this is not possible with Firefox as everything remains in the same folder.

I guess we will have to wait for Secunia/Mozilla to resolve this issue.

Snoopy
Was this reply relevant?
+0
-0
TiMow RE: Firefox 3.6 shows as insecure
Dedicated Contributor 27th Feb, 2010 19:50
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
@Snoopy

FYI, I reverted back from Ff. 3.6 to previous version 3.5.8, as a precautionary measure, last week.

I did not uninstall 3.6, prior to downloading / installing 3.5.8 and did this in the normal way as is the case with Ff. - the downloaded version overwriting the existing version.

All my settings, add-ons, bookmarks, history etc. remained in tact.

Up to and including a PSI scan today it`s showing "green and clean" under secure browsing.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
This user no longer exists RE: Firefox 3.6 shows as insecure
Member 1st Mar, 2010 08:43
on 27th Feb, 2010 09:49, Snoopy wrote:
Yesterday I upgraded to Firefox 3.6 as PSI indicated that version 3.5 was insecure. After running a scan PSI still shows Firefox 3.5 as insecure. I looked in the folder where the Firefox exe file is located. The date last modified shows a date of 1-15-10. In fact, most of the files in the folder show the older date. However, when I open Firefox using this exe file, the version is indicated as 3.6.


Hi,

Please try using Firefox's internal update system. There is a chance you missed a patch. Are you shown as secure by Firefox's own patcher?

Have you tried clicking the Solution button from the PSI again? There may be incremental patches to consider.

Hope this helps.
Was this reply relevant?
+0
-0
Snoopy RE: Firefox 3.6 shows as insecure
Member 1st Mar, 2010 23:16
Score: 1
Posts: 6
User Since: 31st Dec 2007
System Score: N/A
Location: N/A
OK. I installed Firefox 3.5.8 over version 3.6 and ran a Secunia PSI scan. Same story - Firefox is insecure. So I tried the Firefox internal updater which installed version 3.6 and ran another PSI scan. Once again it detects Firefox version 3.5.6
and shows it insecure. And yes, I did try the Solution button in PSI.

However, this time all of the files in the Mozilla Firefox folder show 3/1/2010 as the date modified.

You said there's a chance I missed a patch. Shouldn't updating to version 3.6 include all past patches? You ask: "Are you sure shown as secure by Firefox's own patcher?" How can I check this in Firefox?

Snoopy
Was this reply relevant?
+0
-0
This user no longer exists RE: Firefox 3.6 shows as insecure
Member 2nd Mar, 2010 08:52
Hi,

To see which version Firefox says you have install, you can click "Help > About Mozilla Firefox" which should show you a version number. This needs to be either 3.5.8 or higher. If it is, you are secure.
Refer to: http://secunia.com/advisories/37242

What is the "path" to Firefox? If you click + to expand the entry, it would help if you posted the field "Installation Path" here.

Is it shown in the Insecure tab, or does it show a vulnerability in the Secure Browsing tab? The Secure Browsing tab, provididing an extra feature, shows even exploits you cannot patch, to help you assess which of your browsers are secure for surfing. Firefox currently has an unpatched vulnerability. If it is only shown in Secure Browsing, you have done all you can.

Hope this helps.
Was this reply relevant?
+0
-0
Snoopy RE: Firefox 3.6 shows as insecure
Member 4th Mar, 2010 20:56
Score: 1
Posts: 6
User Since: 31st Dec 2007
System Score: N/A
Location: N/A
Hi Emil,

Just wanted to let you know that as of today's PSI scan, my Firefox v3.6 now shows as secure. Thanks for your assistance.

Snoopy
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+