navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Firefox 3.6.4 released

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Mozilla Foundation
And, this specific program:
Mozilla Firefox 3.6.x

This thread has been marked as locked.
spudz Firefox 3.6.4 released
Member 23rd Jun, 2010 03:41
Ranking: 0
Posts: 6
User Since: 12th Dec, 2009
System Score: N/A
Location: N/A
Firefox 3.6.4 was just released today and I don't see Secunia forum or program giving any info on whether the vulnerability http://secunia.com/advisories/39925/ is yet patched!

tom_1st RE: Firefox 3.6.4 released
Member 23rd Jun, 2010 09:55
Score: 12
Posts: 24
User Since: 23rd Jun 2010
System Score: N/A
Location: DE
Not in that version as i recall.

http://www.mozilla.com/en-US/firefox/3.6.4/release...
http://www.mozilla.org/security/known-vulnerabilit...

ToM
Was this reply relevant?
+0
-0
This user no longer exists RE: Firefox 3.6.4 released
Member 23rd Jun, 2010 10:35
Hi,

If you rescan now, all our rules should be update. The latest secure version (as of now) is 3.5.10 for the 3.5.x branch, or 3.6.4 for 3.6.x.

hope this helps.
Was this reply relevant?
+0
-0
NCIronMan RE: Firefox 3.6.4 released
Member 24th Jun, 2010 00:31
Score: 0
Posts: 1
User Since: 12th Feb 2010
System Score: 99%
Location: US
Firefox 3.6.4 still comes up as "insecure" w/ no solution. Should I be worried? I stay away from IE 8, both 32 & 64 bit for OBVIOUS reasons. PLEASE tell me my beloved Firefox is safe now???????

I have rebooted, rescanned etc... but still get bad news. re:
Secunia Profile SA39925 - Mozilla Firefox 3.6.x / Insecure, no solution.


Was this reply relevant?
+0
-0
spudz RE: Firefox 3.6.4 released
Member 24th Jun, 2010 01:19
Score: 0
Posts: 6
User Since: 12th Dec 2009
System Score: N/A
Location: N/A
Like the other poster here, I too have rescanned even after rebooting and the browser still shows up as insecure! Is vulnerability finally fixes and should I no longer be concerned or is it still prevelent?
Was this reply relevant?
+0
-0
This user no longer exists RE: Firefox 3.6.4 released
Member 24th Jun, 2010 08:45
HI,

When a program shows up in "Insecure", it's because there is a specific vulnerability for that product, that has already been patched. So the PSI is encuraging you to patch.

The programs that show up in Secure Browsing, however, are affected by different terms. A program will still be shown as insecure in this tab, even if there is no solution for the insecurity. This data is provided in the hope of helping people decide how much risk they want to expose themselves too via the browsers.

So if a program no longer shown up in Patched, only "secure browsing", you've done all you can do.

hope this helps.
Was this reply relevant?
+0
-0
WilliamB RE: Firefox 3.6.4 released
Member 24th Jun, 2010 17:44
Score: -2
Posts: 3
User Since: 13th Dec 2009
System Score: 100%
Location: UK
on 23rd Jun, 2010 10:35, wrote:
Hi,

If you rescan now, all our rules should be update. The latest secure version (as of now) is 3.5.10 for the 3.5.x branch, or 3.6.4 for 3.6.x.

hope this helps.


If. as you state above, the latest SECURE version for 3.6.x is 3.6.4, why does it still show up as INSECURE on a scan.

I updated to 3.6.4 last night. As my computer has been switched off overnight, this would count as a reboot when I switched it on and booted-up this afternoon. I scanned with PSI 1.5.0.2 this afternoon and Firefox is still listed as 'Insecure, no solution.'

Either it is Insecure or it is not.
Was this reply relevant?
+0
-1
M.Hansen RE: Firefox 3.6.4 released
Secunia Official 24th Jun, 2010 19:25
Score: 188
Posts: 412
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Even after the update to Firefox 3.6.4 there is still some unpatched vulnerabilities.

That's why it's still marked as "Insecure, no solution"
CaptainLeonidas RE: Firefox 3.6.4 released
Member 24th Jun, 2010 20:45
Score: 0
Posts: 1
User Since: 24th Jun 2010
System Score: N/A
Location: NL
Hmm

I have upgraded my FF to 3.6.4 (Programs and Features state so too).
Yet PSI sees the current installment of FF as 3.6.3.

Comments?
Was this reply relevant?
+0
-0
WilliamB RE: Firefox 3.6.4 released
Member 24th Jun, 2010 22:31
Score: -2
Posts: 3
User Since: 13th Dec 2009
System Score: 100%
Location: UK
on 24th Jun, 2010 19:25, M.Hansen wrote:
Even after the update to Firefox 3.6.4 there is still some unpatched vulnerabilities.

That's why it's still marked as "Insecure, no solution"


So when Mr Peterson said that 3.6.4 was the latest SECURE version, he actually meant the latest LEAST INSECURE version. It is a pity that that wasn't made clear. I read his post as meaning that 3.6.4 was SECURE and that the rules had been updated to reflect that. I don't think I'm the only person to read it as such.

Unless, of course, 3.6.4 was SECURE 24 hours ago and some new insecurities have come to light since - which would seem unlikely, though not impossible.
Was this reply relevant?
+0
-1
Maurice Joyce RE: Firefox 3.6.4 released
Handling Contributor 24th Jun, 2010 23:12
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 24th Jun, 2010 23:35
Perhaps it might help if I explain a little about the results PSI gives the end user.

In the case of IE & Firefox they are both currently in the PATCHED tab. This means that U have got the most secure version the vendor has to offer.

If either of these two (or any programme for that matter) are in the INSECURE tab this means a patch is available for U to find/install.

There is another tab called SECURE BROWSING. This requires checking as well. It will be noted that both IE & Firefox have a problem which the vendor has not patched.

Alongside that entry will be details of the problem. The two current entries are:

http://secunia.com/advisories/40283/

http://secunia.com/advisories/24314/

By clicking on the advisory number & reading them it tells U what the outstanding issue is. In this instance both have very LOW (two green lights) levels of exposure. The user can now make a decision on what to do before it is vendor fixed.

1. Safe surfing to counter the threat outlined in the advisory.
2. Install another browser that has no current problems.

For what it is worth, I only use IE. The IE advisory has been around for a long time. I have noted it and carried on surfing regardless. The level is so low it is not worth too much "loss of sleep"
In this instance the same can be said for Firefox.

Details of what the colour codes mean is here:
http://secunia.com/community/advisories/terminolog...

I hope this helps a bit more.






--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+9
-0
Anthony Wells RE: Firefox 3.6.4 released
Expert Contributor 24th Jun, 2010 23:43
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@Maurice Joyce ,

Hopefully to avoid confusion ; on my PC , when using PSI v1.9.0.0. , "secure browsing" currently shows Firefox v3.6.4. as "insecure , no solution" subject to SA 39925 of 27/05/2010 rather than the newer SA 40283 of 24/06/2010 - both are two green categories .

IE7 shows as "insecure, no solution" subject to SA 22628 - category two green and a yellow - rather then SA 24314.

@CaptainLeonidas ,

Using PSI in "advanced" mode , in which tab is your version Ff 3.6.3. showing ??

What is the "installation path" ??

Is v3.6.4. showing in the "patched" tab ??

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
Maurice Joyce RE: Firefox 3.6.4 released
Handling Contributor 24th Jun, 2010 23:50
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@Anthony - Thank you - I agree - I have used the wrong SA in my explanation but the "price of fish" remains the same.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
Anthony Wells RE: Firefox 3.6.4 released
Expert Contributor 25th Jun, 2010 00:02
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@Maurice ,

Actually , the price of sardines are well up this year , as Eric Cantona - a meticulous man from these parts - would be quick to point out :))

The sunshine is still free .

Take care
Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-2
M.Hansen RE: Firefox 3.6.4 released
Secunia Official 25th Jun, 2010 08:10
Score: 188
Posts: 412
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
on 24th Jun, 2010 22:31, WilliamB wrote:

Unless, of course, 3.6.4 was SECURE 24 hours ago and some new insecurities have come to light since - which would seem unlikely, though not impossible.


It seems the unlikely (almost) did happen:
http://secunia.com/advisories/40283/ - Release date 24. Jun 2010.

Firefox is current affected by the advisory above and the one below:
http://secunia.com/advisories/39925/


Happy patching everyone

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+