Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Firefox threat

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Mozilla Foundation
And, this specific program:
Mozilla Firefox 2.0.x

This thread has been marked as locked.
Giancarlo01 Firefox threat
Member 15th Jun, 2010 07:05
Ranking: 0
Posts: 5
User Since: 11th Jun, 2010
System Score: N/A
Location: N/A
I get a threat of Category 4 listed as "Mozilla Firefox 2.0.x. When I click on the Solution button all it does is open Firefox homepage without any other explanation? I obviously am running more current version of Firefox.

What am I supposed to do on the Firefox site?

Thanks in advance,
Giancarlo

Giancarlo01 RE: Firefox threat
Member 15th Jun, 2010 07:09
Score: 0
Posts: 5
User Since: 11th Jun 2010
System Score: N/A
Location: N/A
Follow up

Here is my add-on info:

Microsoft® DRM
DRM Store Netscape Plugin 9.0.0.4503 Up to Date

Shockwave Flash
Shockwave Flash 10.1 r53 10.1.53.64 Up to Date


Java Deployment Toolkit 6.0.200.2
NPRuntime Script Plug-in Library for Java(TM) Deploy 6.0.200.2 Up to Date


Windows Media Player Plug-in Dynamic Link Library
Npdsplay dll Unable to Detect Plugin Version Research

Windows Genuine Advantage
1.7.0069.2 Unable to Detect Plugin Version Research
Was this reply relevant?
+0
-0
This user no longer exists RE: Firefox threat
Member 15th Jun, 2010 08:31
Hi,

Mozilla Firefox 2.x is not unpatched, it is end-of-life. This means the vendor has dropped official support for the product, and will no longer be releasing patches and so on, for any potential security issue. It is therefore suggested that you upgrade to a more recent version. The currently recent versions of Firefox are 3.5.x & 3.6.x. I suggest you upgrade to one of those to remedy your Firefox problem.

hope this helps.
Was this reply relevant?
+0
-0
Giancarlo01 RE: Firefox threat
Member 15th Jun, 2010 16:26
Score: 0
Posts: 5
User Since: 11th Jun 2010
System Score: N/A
Location: N/A
I am currently running 3.6.3 and have kept up with up-dates. It is possible that there is "stuff" or even a whole earlier version that hasn't been deleted during updates.
In my Add / Remove panel it only shows version 3.6.3

Giancarlo
Was this reply relevant?
+0
-0
TiMow RE: Firefox threat
Dedicated Contributor 15th Jun, 2010 16:45
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Using PSI in Advanced mode (click "Advanced" top right of PSI window, then OK).
Where ever this old insecure version of Ff. is listed - either under Insecure tab or End-of-Life tab (red lettering), then click on "[+]" on left of it, for toolbox icons.

Find and click the Open Folder icon - this takes you to its file location.

You can then decide if you want to delete it from here.

Deletions normally go to Recycle bin (using my OS of XP), and can be reversed if necessary.

If you do delete re boot and re-scan PSI

If insecurity still shows up after this you may need to further delete from Recycle bin, as PSI reports on the contents also.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
wr RE: Firefox threat
Contributor 15th Jun, 2010 17:31
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Last edited on 15th Jun, 2010 17:33
Hi all

@Giancarlo01 If the program in question is not populated
in Add/Remove suggest you try this method to 'track down'
the troublesome file:To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the program to 'expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file.


Hope this helps.

Regards, wr

EDIT: Sorry for cross-post TiMow--do carry on. I'll
step aside.

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+1
-0
Giancarlo01 RE: Firefox threat
Member 15th Jun, 2010 17:50
Score: 0
Posts: 5
User Since: 11th Jun 2010
System Score: N/A
Location: N/A
Got it. Now, it takes me to the Program File: Mozilla Firfefox. If I uninstall this file via one of the subfile options, will I uninstall current version as well?
Was this reply relevant?
+0
-0
TiMow RE: Firefox threat
Dedicated Contributor 15th Jun, 2010 18:15
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi wr

Time is becoming an issue at the moment, for me.
If you feel you have a handle on this , then no need to back off.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
wr RE: Firefox threat
Contributor 15th Jun, 2010 19:10
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Last edited on 15th Jun, 2010 19:10
Hi Giancarlo01

Yes you should be able to safely delete there. Just make
sure it's the old version that you're deleting, not
current v.3.6.3.

Reboot & rescan to make sure all traces are gone.

wr

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
Giancarlo01 RE: Firefox threat
Member 16th Jun, 2010 05:09
Score: 0
Posts: 5
User Since: 11th Jun 2010
System Score: N/A
Location: N/A
Last edited on 16th Jun, 2010 05:13
Hi wr,

This a response from Mozilla (i think):

"Do a search of Files and Folders, and see how many __firefox.exe__ files show up on your PC. Unless you did a "custom" install of Firefox at some point, every version of Firefox you installed or updated should have overwritten any previous installation."

And yes, every time I update I do "custom" install so that I don't get unwanted "extras" added without my knowledge. I guess that upgrading that way leaves old file in system.

Anyway, I did what you suggested and so far so good. I'll leave the stuff in the recycle bin for a couple of days before deleting.

Gentlemen, thanks for your help
Giancarlo
Was this reply relevant?
+0
-0
wr RE: Firefox threat
Contributor 16th Jun, 2010 07:17
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
Hi Giancarlo01

Good to hear problem all sorted now & you're welcome.
Please remember, if nothing shows up, to lock this thread
by choosing ACCEPT so you & I will not receive
unnecessary update emails. Also be advised that before you 'take out the trash' the PSI will probably 'find' your deleted
files in the Recycle Bin when you do a scan.

Regards, wr


--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer