Secunia
Relating to this vendor: Mozilla Foundation
And, this specific program: Mozilla Firefox 3.6.x
| Gwendo | Firefox 3.6.3 insecure |

29th May, 2010 17:53

Ranking: 0 Posts: 3 User Since: 14th Sep, 2009 System Score: N/A Location: N/A

Up until today....PSI 1.5.0.1 showed Firefox 3.6.3 as secure...I downloaded PSI 1.5.0.2 and it now shows Firefox 3.6.3 as insecure re: SA39925..but there is no actual solution. It is detected as being patched but shows as insecure with no actual solution. No patch solution is available that I can tell. Location: C:\ProgramFiles (x86)\Mozilla Firefox\firefox.exe

Is this related to the latest "Tabnapping"....URL redirect/site cloning problems (that appear when you temporarily leave one tab (minimize) and go to another, then return to your tab that you believe is secure but it has been hijacked/cloned while you left it) written about by Aza Raskin Mozilla Firefox lead in a blog post this week? Is this why 3.6.3 is listed as insecure?

I have re-scanned several times and get the same thing. I checked and I have the latest Firefox version and updates. I feel Firefox is safest. using No Script ..don't and won't use dangerous IE and I see problems with Opera and others. What should I do?
| TiMow | RE: Firefox 3.6.3 insecure |

29th May, 2010 18:04

Score: 738 Posts: 728 User Since: 26th Jun 2009 System Score: 100% Location: CH Last edited on 29th May, 2010 18:06

Hi Gwendo

The Firefox insecurity is coincidental to the PSI upgrade. I can't answer your Q. in your 2nd para, but if you go to the Secure Browsing tab (Advanced mode), you will see that it is only a cat.2 threat. If you click on the blue SA number on the right, this will take you to the Secunia Advisory for more info. Until Mozilla issue a vendor patch (update) you should employ safe browsing practices until that time, when using Ff.

TiMow

EDIT: As of now the latest Chrome shows as secure.

--
Computing is not yet a perfect science - it still requires humans.
| GoneToPlaid | RE: Firefox 3.6.3 insecure |

29th May, 2010 18:59

Score: 5 Posts: 71 User Since: 1st Apr 2009 System Score: 100% Location: Atlanta, US Last edited on 29th May, 2010 18:59

On 29th May, 2010 17:53, Gwendo wrote:

Is this related to the latest "Tabnapping"....URL redirect/site cloning problems (that appear when you temporarily leave one tab (minimize) and go to another, then return to your tab that you believe is secure but it has been hijacked/cloned while you left it) written about by Aza Raskin Mozilla Firefox lead in a blog post this week? Is this why 3.6.3 is listed as insecure? I have re-scanned several times and get the same thing. I checked and I have the latest Firefox version and updates. I feel Firefox is safest. using No Script ..don't and won't use dangerous IE and I see problems with Opera and others. What should I do?

Hi Gwendo,

No, this isn't related to that particular threat. In this case the issue occurs if another tab's URL contains any sensitive information. You know, the extra stuff attached to the URL like "https://www.mybankname.com/?user=loginname" and such. The information appended to the URL (after the ".com/" part) in my example could be grabbed by another browser tab which was crafted to deliberately crash. This particular threat is relatively minor since usually there isn't any really sensitive information appended to the URLs in other browser tabs. Exceptions would be a URL for a tab which includes a SessionID string or login information such as your user name.

The simple solution until this bug is fixed is to make sure that any other open browser tabs are for web sites which you trust when you are doing online banking or making an online purchase in another tab. If you are really paranoid then you could simply close all other tabs before you start doing sensitive stuff like online banking or making an online purchase.
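Added example, not part of the original thread and not Secunia or Mozilla code: a small JavaScript check for the kind of URL described in the reply above, which flags login names and session identifiers carried in a URL and masks them, for instance before the URL is logged. The parameter-name list and the two sample hosts other than the one quoted in the post are assumptions made for illustration.

```javascript
// Added example: find and redact credentials or session identifiers in a URL.
// SENSITIVE is an assumed name list for illustration; extend it for your own apps.
const SENSITIVE =
  /^(user(name)?|login|pass(word)?|pwd|token|sid|session(_?id)?|jsessionid|phpsessid)$/i;

// Return a list of places in the URL where sensitive-looking data appears.
function auditUrl(raw) {
  const url = new URL(raw);
  const findings = [];
  // user:password@host form
  if (url.username || url.password) findings.push('userinfo');
  // path parameters such as /cart;jsessionid=...
  for (const m of url.pathname.matchAll(/;([^=;\/]+)=/g)) {
    if (SENSITIVE.test(m[1])) findings.push(`path:${m[1]}`);
  }
  // ordinary query-string parameters such as ?user=loginname
  for (const name of new Set(url.searchParams.keys())) {
    if (SENSITIVE.test(name)) findings.push(`query:${name}`);
  }
  return findings;
}

// Return the URL with sensitive values masked, e.g. before writing it to a log.
function redactUrl(raw) {
  const url = new URL(raw);
  url.username = '';
  url.password = '';
  url.pathname = url.pathname.replace(/;([^=;\/]+)=[^;\/]*/g, (whole, name) =>
    SENSITIVE.test(name) ? `;${name}=REDACTED` : whole);
  for (const name of [...new Set(url.searchParams.keys())]) {
    if (SENSITIVE.test(name)) url.searchParams.set(name, 'REDACTED');
  }
  return url.toString();
}

// Constructed sample URLs; the first is the one quoted in the post above.
const samples = [
  'https://www.mybankname.com/?user=loginname',
  'https://shop.example/cart;jsessionid=ABC123?item=4',
  'https://news.example/story?id=42',
];
for (const s of samples) {
  console.log(auditUrl(s).join(', ') || 'clean', '->', redactUrl(s));
}
```
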
| Gwendo | RE: Firefox 3.6.3 insecure |

29th May, 2010 19:16

Score: 0 Posts: 3 User Since: 14th Sep 2009 System Score: N/A Location: N/A

TiMow: Yes, thank you. Had read the SA 39925 prior and am indeed doing safe browsing as best I can with various security functions...but was just hoping there was some actual patch that I somehow missed. Appreciate the advice.
| Gwendo | RE: Firefox 3.6.3 insecure |

29th May, 2010 19:24

Score: 0 Posts: 3 User Since: 14th Sep 2009 System Score: N/A Location: N/A

GoneToPlaid: Thank you. Good common sense.....I generally watch carefully what's open, minimized and whether I trust any sites for which I have tabs minimized. I try to carefully check URLs. Have several security filters, especially on financial sites I visit, so I should be okay for now. Was just hoping there might be an actual patch that I somehow missed. I am not a techie, but try to watch my back everywhere with (what I would categorize as) my intermediate "newbie" knowledge (or lack thereof).....appreciate the comments. I just keep on asking questions and learning.
| GoneToPlaid | RE: Firefox 3.6.3 insecure |

29th May, 2010 19:26

Score: 5 Posts: 71 User Since: 1st Apr 2009 System Score: 100% Location: Atlanta, US

Hi Gwendo,

Hehe. Asking lots of questions is the best way to learn. It works for me!
| Anthony Wells | RE: Firefox 3.6.3 insecure |

31st May, 2010 19:41

Score: 2324 Posts: 3,204 User Since: 19th Dec 2007 System Score: N/A Location: N/A

Hello Gwendo,

If you are worried about banking security you may or again may not want to check out the two links I posted in this thread :-

http://secunia.com/community/forum/thread/show/423...

Take care

Anthony

--
It always seems impossible until it's done. Nelson Mandela