Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: I fixed Adobe why is it saying browser still unsecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 10.x

This thread has been marked as locked.
jckinnick I fixed Adobe why is it saying browser still unsecure
Member 8th Jun, 2010 11:10
Ranking: 6
Posts: 143
User Since: 21st May, 2010
System Score: N/A
Location: N/A
In the overview section it lists some unsecure browsers with no possible solutions at the moment. I have 3 listed IE, Opera, and Safari. One of the things thats making it unsecure is the latest version of Adobe 10.0. Under possible solutions it says that reportedly the latest beta version of Adobe 10.1 is a fix for this problem. So i uninstalled the latest version of Adobe and downloaded the beta 10.1 version and did a scan and it still has Adobe listed as unsecure in those 3 browsers.

What up with that?

Leendert Kip I fixed Adobe why is it saying browser still unsecure
Member 8th Jun, 2010 11:15
Score: 70
Posts: 526
User Since: 22nd Jan 2009
System Score: 100%
Location: NL
Last edited on 8th Jun, 2010 11:17
The problem with Safari was v. 4.0. This morning v. 5.0 was available and I installed without problem. I don't know if it's secure or not because v. 5.0 is not in the patched programs list and maybe unknown to Secunia.

--
PC: JJ Computer Services
Intel Core I3 2100 3.1Ghz
DDR3 Kingston ValueRam 4GB 1333
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 9
Mozilla Firefox 31NL

Laptop: MSI GT780DX
Intel Core I5-2450
DDR3 RAM 6GB
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 11
Mozilla Firefox 31NL
Was this reply relevant?
+0
-0
TiMow RE: I fixed Adobe why is it saying browser still unsecure
Dedicated Contributor 8th Jun, 2010 11:18
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
As this RC7 (10.1) Flash is still release candidate and not full release version update, PSI recognises this as secure under patched, but only as a workaround under secure browsing (and not a full solution), hence the browser boxes still showing red.

Both Secunia and Adobe report the latest RC7 flash as not effected by the vulnerability - so you should be secure, despite the PSI reporting conflicts.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
jckinnick RE: I fixed Adobe why is it saying browser still unsecure
Member 8th Jun, 2010 11:29
Score: 6
Posts: 143
User Since: 21st May 2010
System Score: N/A
Location: N/A
RC7 ?


I had somehow went back to the latest version of Adobe but i had 10.1 before and i thought that PSI showed it as secure because before i just had 2 browsers that were unsecure.



Is that a new version of Safari for Windows?
Was this reply relevant?
+0
-0
TiMow RE: I fixed Adobe why is it saying browser still unsecure
Dedicated Contributor 8th Jun, 2010 11:50
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
RC7 is the latest release (R) candidate (C) version of Flash (10.1.53.64 ), to which you have been referring. Full designation is10.1.53.64 RC7.

All my 3 browser boxes are red under secure browsing because Flash shows as cat.5 threat (despite latest "fix" - for reasons I've described above).
Prior to this Flash threat; IE was boxed in yellow (longstanding cat.3 threat) as was Firefox (recent cat.2 threat).

As I use neither Opera nor Safari, I am unable to comment on their present status.

@Leendert Kip seems to have a better take on matters relating to Safari, in his post above.

In addition, you can click on the blue SA number links that show in each browser box, for further information.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
mogs RE: I fixed Adobe why is it saying browser still unsecure
Expert Contributor 8th Jun, 2010 12:26
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
You do not say how you uninstalled AFP....whether you used Adobe's uninstaller ?
There is even a more recent version of that.
Unless it is completely removed; psi may still be detecting old files/versions even if in the Recycle bin.
I was only able to rectify matters and install the RC after first using the Adobe uninstaller and having a clear out via Regedit.

--
Was this reply relevant?
+1
-0
jckinnick RE: I fixed Adobe why is it saying browser still unsecure
Member 8th Jun, 2010 12:44
Score: 6
Posts: 143
User Since: 21st May 2010
System Score: N/A
Location: N/A
The 10.1.53 version is a beta version right?


Yeah i used the uninstaller downloaded that new Safari update and now i have two browsers unsecure. IE is still showing Adobe Flash as unsecure though.
Was this reply relevant?
+1
-0
mogs RE: I fixed Adobe why is it saying browser still unsecure
Expert Contributor 8th Jun, 2010 13:02
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Yeah.....I use Dev channel Chrome which, like the Beta version is'nt monitored by psi....yet, the RC Adobe is shown in my Patched tab and Secure Browsing tab with IE8. I think you've probably gone as far as you can with that one.
Don't know anything about Safari nor Opera.....I think if it were possible I'd just have the one....it's not an ideal world tho' !!!

--
Was this reply relevant?
+0
-0
ddmarshall RE: I fixed Adobe why is it saying browser still unsecure
Dedicated Contributor 8th Jun, 2010 13:05
Score: 1212
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It is a Release Candidate, which is a step past Beta.

There is an uninstaller associated with this version available here:
http://labs.adobe.com/downloads/flashplayer10.html...

If it is necessary to remove registry entries, use the uninstaller from a command prompt with the /clean switch. This article explains how:
http://kb2.adobe.com/cps/402/kb402435.html

It will need modifying for OS and the name of the uninstaller.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+3
-0
jckinnick RE: I fixed Adobe why is it saying browser still unsecure
Member 8th Jun, 2010 13:19
Score: 6
Posts: 143
User Since: 21st May 2010
System Score: N/A
Location: N/A
Im not sure what version of IE i have im still using Windows XP is IE still being updated when Windows updates. I know Windows media player 10 was the last update i could do without having to upgrade.
Was this reply relevant?
+0
-0
TiMow RE: I fixed Adobe why is it saying browser still unsecure
Dedicated Contributor 8th Jun, 2010 13:31
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
In IE > Help menu > About Internet Explorer - shows which IE you have installed.

Also PSI (Advanced) > Patched tab > scroll down to Microsoft Internet Explorer - which should be followed by "8.x", and then "8.0.6001.18702" (full version no. for latest).

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
mogs RE: I fixed Adobe why is it saying browser still unsecure
Expert Contributor 8th Jun, 2010 13:31
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
If you look in your Secure Browsing tab it will say what version IE you are using.........are you using Secunia psi with the Advanced interface ?

--
Was this reply relevant?
+1
-0
jckinnick RE: I fixed Adobe why is it saying browser still unsecure
Member 9th Jun, 2010 06:48
Score: 6
Posts: 143
User Since: 21st May 2010
System Score: N/A
Location: N/A
Yeah im using the advanced version and i have IE 8.x.
Was this reply relevant?
+0
-0
jckinnick RE: I fixed Adobe why is it saying browser still unsecure
Member 9th Jun, 2010 06:56
Score: 6
Posts: 143
User Since: 21st May 2010
System Score: N/A
Location: N/A
Last edited on 9th Jun, 2010 06:56
When i installed Adobe Flash does it not go to all the browsers im using? IE still shows it as vulnerable. Under IE its showing Adobe 10.1 NAPI and Adobe Active X. Apparently i have to versions and need two remove one?
Was this reply relevant?
+0
-0
jckinnick RE: I fixed Adobe why is it saying browser still unsecure
Member 9th Jun, 2010 07:13
Score: 6
Posts: 143
User Since: 21st May 2010
System Score: N/A
Location: N/A
I used the uninstall tool from Adobe that PSI suggested, whcih i though i had used before i installed the new 10.1 version. Now for IE it shows three new things unsecure one of them is windows updates so right now im downloading new windows updates.
Was this reply relevant?
+0
-0
jckinnick RE: I fixed Adobe why is it saying browser still unsecure
Member 9th Jun, 2010 09:34
Score: 6
Posts: 143
User Since: 21st May 2010
System Score: N/A
Location: N/A
on 9th Jun, 2010 06:56, jckinnick wrote:
When i installed Adobe Flash does it not go to all the browsers im using? IE still shows it as vulnerable. Under IE its showing Adobe 10.1 NAPI and Adobe Active X. Apparently i have to versions and need two remove one?



Nevermind this i was wrong it was looking under the patched section that was showing two versions. Still though there shouldnt be two versions should there? I dont even know what NABI is.
Was this reply relevant?
+0
-0
TiMow RE: I fixed Adobe why is it saying browser still unsecure
Dedicated Contributor 9th Jun, 2010 10:47
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 9th Jun, 2010 11:02
Flash is used by your browsers for graphics, videos, games etc.

IE uses Flash (ActiveX) - PSI require this version for the display of it's graphics (pie chart and bars).

Other browsers need Flash (NPAPI).

When you install/update Flash you normally need to do this twice - once using IE for ActiveX, and once using another browser for NPAPI.

This is why you see both entries under Patched - this normal.

Be careful that you're not trying too hard.

If you are showing the latest RC7 Flash (10.1.53.64) for both ActiveX and NPAPI, under patched, then you have done all you can (for now) re. flash.

As far as I know the browser boxes still show red until the full release version of flash is available - providing you have no other cat.4 or cat.5 threats (other than flash) showing in your browser boxes (under Secure Browsing).

TiMow

EDIT: Re. this and your other thread - if there is any term of which you are unsure, then type "define: xxxxx" (where xxxx is the term you need explaining), into your browsers search box. Alternatively Wikipedia is always a good source of reference, or try this link:

http://www.cryer.co.uk/glossary/a/index.htm

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
jckinnick RE: I fixed Adobe why is it saying browser still unsecure
Member 9th Jun, 2010 11:12
Score: 6
Posts: 143
User Since: 21st May 2010
System Score: N/A
Location: N/A
Oh, so since IE uses Active X thats why its showing it as unsecure and the others as browsers as ok?
Was this reply relevant?
+0
-0
TiMow RE: I fixed Adobe why is it saying browser still unsecure
Dedicated Contributor 9th Jun, 2010 13:01
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
It all depends against which component within your browser box the insecurity is showing.

e.g. In my IE8 browser box (currently red surround), I have the following:

1) Adobe Flash Player 10.x Insecure, no solution [cat.5 threat (5/5 coloured boxes)] SA40026

2) Microsoft Internet Explorer 8.x Insecure, no solution [cat.2 threat (2/5 coloured boxes)] SA24314

The second entry for IE8 is a long-standing insecurity (which wont be fixed before IE9) but has in the recent past downgraded from cat.3 to cat.2 threat. Prior to the recent problem with flash the box surround was yellow (caution).

When the problem arose with flash, because this shows as cat.5 threat, it turned the box red. After I uninstalled the insecure flash , it went back to yellow, and then back to red after installation of new flash (RC7).
As far as I know, this is because the PSI detection rules don't recognise this flash as a full solution, due to its release candidate status.

My other 2 browsers (Chrome and Firefox), also show red because of the same cat.5 threat showing against Adobe Flash Player 10.x within their boxes.

If you are fortunate enough to have your other browsers not showing red under secure browsing, then that's good.

I am happy that the latest flash is recognised as not being effected by the vulnerability, despite the red browser boxes.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer