Secunia
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Firefox 3.6.4 released
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Programs
|
Relating to this vendor: Mozilla Foundation |
And, this specific program: Mozilla Firefox 3.6.x |
| spudz | Firefox 3.6.4 released |
|---|---|
 |
23rd Jun, 2010 03:41 |
|
Ranking: 0 Posts: 6 User Since: 12th Dec, 2009 System Score: N/A Location: N/A |
Firefox 3.6.4 was just released today and I don't see Secunia forum or program giving any info on whether the vulnerability http://secunia.com/advisories/39925/ is yet patched! |
| tom_1st | RE: Firefox 3.6.4 released | ||||||||
|
|
23rd Jun, 2010 09:55 | ||||||||
| Score: 12 Posts: 24 User Since: 23rd Jun 2010 System Score: N/A Location: DE |
Not in that version as i recall. http://www.mozilla.com/en-US/firefox/3.6.4/release... http://www.mozilla.org/security/known-vulnerabilit... ToM |
||||||||
|
|||||||||
| E.Petersen | RE: Firefox 3.6.4 released |
|
23rd Jun, 2010 10:35 |
| Score: 649 Posts: 1,892 User Since: 1st Jul 2009 System Score: N/A Location: Copenhagen, DK |
Hi, If you rescan now, all our rules should be update. The latest secure version (as of now) is 3.5.10 for the 3.5.x branch, or 3.6.4 for 3.6.x. hope this helps. -- Kind regards, Emil R. Petersen Secunia PSI Support Secunia PSI http://secunia.com/vulnerability_scanning/personal |
| NCIronMan | RE: Firefox 3.6.4 released | ||||||||
|
|
24th Jun, 2010 00:31 | ||||||||
| Score: 0 Posts: 1 User Since: 12th Feb 2010 System Score: 99% Location: US |
Firefox 3.6.4 still comes up as "insecure" w/ no solution. Should I be worried? I stay away from IE 8, both 32 & 64 bit for OBVIOUS reasons. PLEASE tell me my beloved Firefox is safe now??????? I have rebooted, rescanned etc... but still get bad news. re: Secunia Profile SA39925 - Mozilla Firefox 3.6.x / Insecure, no solution. |
||||||||
|
|||||||||
| spudz | RE: Firefox 3.6.4 released | ||||||||
|
|
24th Jun, 2010 01:19 | ||||||||
| Score: 0 Posts: 6 User Since: 12th Dec 2009 System Score: N/A Location: N/A |
Like the other poster here, I too have rescanned even after rebooting and the browser still shows up as insecure! Is vulnerability finally fixes and should I no longer be concerned or is it still prevelent? | ||||||||
|
|||||||||
| E.Petersen | RE: Firefox 3.6.4 released |
|
|
24th Jun, 2010 08:45 |
| Score: 649 Posts: 1,892 User Since: 1st Jul 2009 System Score: N/A Location: Copenhagen, DK |
HI, When a program shows up in "Insecure", it's because there is a specific vulnerability for that product, that has already been patched. So the PSI is encuraging you to patch. The programs that show up in Secure Browsing, however, are affected by different terms. A program will still be shown as insecure in this tab, even if there is no solution for the insecurity. This data is provided in the hope of helping people decide how much risk they want to expose themselves too via the browsers. So if a program no longer shown up in Patched, only "secure browsing", you've done all you can do. hope this helps. -- Kind regards, Emil R. Petersen Secunia PSI Support Secunia PSI http://secunia.com/vulnerability_scanning/personal |
| WilliamB | RE: Firefox 3.6.4 released | ||||||||
|
|
24th Jun, 2010 17:44 | ||||||||
| Score: -2 Posts: 3 User Since: 13th Dec 2009 System Score: 100% Location: UK |
on 23rd Jun, 2010 10:35, E.Petersen wrote: Hi, If you rescan now, all our rules should be update. The latest secure version (as of now) is 3.5.10 for the 3.5.x branch, or 3.6.4 for 3.6.x. hope this helps. If. as you state above, the latest SECURE version for 3.6.x is 3.6.4, why does it still show up as INSECURE on a scan. I updated to 3.6.4 last night. As my computer has been switched off overnight, this would count as a reboot when I switched it on and booted-up this afternoon. I scanned with PSI 1.5.0.2 this afternoon and Firefox is still listed as 'Insecure, no solution.' Either it is Insecure or it is not. |
||||||||
|
|||||||||
| M.Hansen | RE: Firefox 3.6.4 released |
|
|
24th Jun, 2010 19:25 |
| Score: 188 Posts: 376 User Since: 26th Jan 2009 System Score: N/A Location: Copenhagen, DK |
Even after the update to Firefox 3.6.4 there is still some unpatched vulnerabilities. That's why it's still marked as "Insecure, no solution" |
| CaptainLeonidas | RE: Firefox 3.6.4 released | ||||||||
|
|
24th Jun, 2010 20:45 | ||||||||
| Score: 0 Posts: 1 User Since: 24th Jun 2010 System Score: N/A Location: NL |
Hmm I have upgraded my FF to 3.6.4 (Programs and Features state so too). Yet PSI sees the current installment of FF as 3.6.3. Comments? |
||||||||
|
|||||||||
| WilliamB | RE: Firefox 3.6.4 released | ||||||||
|
|
24th Jun, 2010 22:31 | ||||||||
| Score: -2 Posts: 3 User Since: 13th Dec 2009 System Score: 100% Location: UK |
on 24th Jun, 2010 19:25, M.Hansen wrote: Even after the update to Firefox 3.6.4 there is still some unpatched vulnerabilities. That's why it's still marked as "Insecure, no solution" So when Mr Peterson said that 3.6.4 was the latest SECURE version, he actually meant the latest LEAST INSECURE version. It is a pity that that wasn't made clear. I read his post as meaning that 3.6.4 was SECURE and that the rules had been updated to reflect that. I don't think I'm the only person to read it as such. Unless, of course, 3.6.4 was SECURE 24 hours ago and some new insecurities have come to light since - which would seem unlikely, though not impossible. |
||||||||
|
|||||||||
| Maurice Joyce | RE: Firefox 3.6.4 released | ||||||||
|
24th Jun, 2010 23:12 | ||||||||
| Score: 8623 Posts: 6,660 User Since: 4th Jan 2009 System Score: 100% Location: UK Last edited on 24th Jun, 2010 23:35 |
Perhaps it might help if I explain a little about the results PSI gives the end user. In the case of IE & Firefox they are both currently in the PATCHED tab. This means that U have got the most secure version the vendor has to offer. If either of these two (or any programme for that matter) are in the INSECURE tab this means a patch is available for U to find/install. There is another tab called SECURE BROWSING. This requires checking as well. It will be noted that both IE & Firefox have a problem which the vendor has not patched. Alongside that entry will be details of the problem. The two current entries are: http://secunia.com/advisories/40283/ http://secunia.com/advisories/24314/ By clicking on the advisory number & reading them it tells U what the outstanding issue is. In this instance both have very LOW (two green lights) levels of exposure. The user can now make a decision on what to do before it is vendor fixed. 1. Safe surfing to counter the threat outlined in the advisory. 2. Install another browser that has no current problems. For what it is worth, I only use IE. The IE advisory has been around for a long time. I have noted it and carried on surfing regardless. The level is so low it is not worth too much "loss of sleep" In this instance the same can be said for Firefox. Details of what the colour codes mean is here: http://secunia.com/community/advisories/terminolog... I hope this helps a bit more. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE9 16GB RAM |
||||||||
|
|||||||||
| Anthony Wells | RE: Firefox 3.6.4 released | ||||||||
|
24th Jun, 2010 23:43 | ||||||||
| Score: 2165 Posts: 3,021 User Since: 19th Dec 2007 System Score: N/A Location: N/A |
@Maurice Joyce , Hopefully to avoid confusion ; on my PC , when using PSI v1.9.0.0. , "secure browsing" currently shows Firefox v3.6.4. as "insecure , no solution" subject to SA 39925 of 27/05/2010 rather than the newer SA 40283 of 24/06/2010 - both are two green categories . IE7 shows as "insecure, no solution" subject to SA 22628 - category two green and a yellow - rather then SA 24314. @CaptainLeonidas , Using PSI in "advanced" mode , in which tab is your version Ff 3.6.3. showing ?? What is the "installation path" ?? Is v3.6.4. showing in the "patched" tab ?? Take care Anthony -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| Maurice Joyce | RE: Firefox 3.6.4 released | ||||||||
|
|
24th Jun, 2010 23:50 | ||||||||
| Score: 8623 Posts: 6,660 User Since: 4th Jan 2009 System Score: 100% Location: UK |
@Anthony - Thank you - I agree - I have used the wrong SA in my explanation but the "price of fish" remains the same. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE9 16GB RAM |
||||||||
|
|||||||||
| Anthony Wells | RE: Firefox 3.6.4 released | ||||||||
|
|
25th Jun, 2010 00:02 | ||||||||
| Score: 2165 Posts: 3,021 User Since: 19th Dec 2007 System Score: N/A Location: N/A |
@Maurice , Actually , the price of sardines are well up this year , as Eric Cantona - a meticulous man from these parts - would be quick to point out :)) The sunshine is still free . Take care Anthony -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| M.Hansen | RE: Firefox 3.6.4 released |
|
|
25th Jun, 2010 08:10 |
| Score: 188 Posts: 376 User Since: 26th Jan 2009 System Score: N/A Location: Copenhagen, DK |
on 24th Jun, 2010 22:31, WilliamB wrote: Unless, of course, 3.6.4 was SECURE 24 hours ago and some new insecurities have come to light since - which would seem unlikely, though not impossible. It seems the unlikely (almost) did happen: http://secunia.com/advisories/40283/ - Release date 24. Jun 2010. Firefox is current affected by the advisory above and the one below: http://secunia.com/advisories/39925/ Happy patching everyone |
