Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Firefox

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Mozilla Foundation
And, this specific program:
Mozilla Firefox 3.6.x

This thread has been marked as locked.
Mr.OKEK Firefox
Member 20th Oct, 2010 09:08
Ranking: 0
Posts: 9
User Since: 18th Oct, 2010
System Score: 92%
Location: DE
Secunia meldet Firefox (Deutsche Version) unsicher! Diese Meldung ist falsch!
Firefox EU Version 3.6.11 update wurde installiert!

Google Translate:
Secunia reports Firefox (German Version) insecure! This message is wrong! Firefox update 3.6.11 EU version is installed!




--
MFG

Mr.OKEK

M.Hansen RE: Firefox
Secunia Official 20th Oct, 2010 09:36
Score: 188
Posts: 410
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Hi
I believe you are referring to Firefox's insecure status in "Secure Browsing", am I correct?

In "Secure Browsing" you will also be notified if there is a unpatched vulnerabillity in your browser, or in some of the plugins/add-ons that affects that browser.

When you are affected by unpatched vulnerabilities, it's up to you how to proceed.

Some of your options could be:
1. Use a different browser that is secure to use.
2. Uninstall/disable the insecure browser/plugin.
3. Read the details about the vulnerabilities by clicking the SA link in the PSI, so you know how the vulnerability is triggered, so you can easier avoid it.

I hope this answered your question.
Anthony Wells RE: Firefox
Expert Contributor 20th Oct, 2010 12:11
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Oct, 2010 12:13
Hi ,

Firefox version 3.6.11 was made available yesterday and is fully patched with no known vulnerabilities and shows as such in the patched/results tab and secure browsing .

A plug-in may be insecure if the "secure browsing" tab/page is not showing Ff with a green "light" ; or an old file may have been left behind by the update if the insecure warning is elsewhere .

Where is the PSI showing the insecure file and what is the installation path for this file ?? Does the PSI show a "patched" version as well ??

Have you run a new full scan since updating ??

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Mr.OKEK RE: Firefox
Member 20th Oct, 2010 15:41
Score: 0
Posts: 9
User Since: 18th Oct 2010
System Score: 92%
Location: DE
Last edited on 20th Oct, 2010 15:43
-> Have you run a new full scan since updating ??

Yes

Habe vollen Scan wiederholt! ( Full Scan repeated!)
Ergebnis das gleiche, Firefox unsicher! (The same result, Firefox uncertain)

Übrigens der Link zum Firefox ist unbrauchbar, da US-Version!
DE Version wäre richtiger!
GT: Incidentally, the link to Firefox is unusable because U.S. version! DE version ware real!

--
MFG

Mr.OKEK
Was this reply relevant?
+0
-0
Anthony Wells RE: Firefox
Expert Contributor 20th Oct, 2010 16:17
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi again ,

To help I need to know which version of the PSI are you using .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Mr.OKEK RE: Firefox
Member 20th Oct, 2010 16:34
Score: 0
Posts: 9
User Since: 18th Oct 2010
System Score: 92%
Location: DE
Ich benutze Secunia PSI v1.5.0.2 DE!

GT: I use Secunia PSI 1.5.0.2 V DE!

--
MFG

Mr.OKEK
Was this reply relevant?
+0
-0
Anthony Wells RE: Firefox
Expert Contributor 20th Oct, 2010 16:45
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

OK ,

You need to use the "Advanced" mode of the PSI - the link is at the top right of any of the PSI pages .

In which "tab(s)" is the "insecure" version of Firefox showing ?? Do you have an up to date version (3.6.11) in the "patched" tab ??

What is the "version number" and the "installation path" of the "insecure" listing ?? You find this by clicking the [+] to the left end of the programme entry and the detailed information is displayed in the expanded page .

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
TachyonMage RE: Firefox
Member 20th Oct, 2010 17:48
Score: 0
Posts: 1
User Since: 1st Jul 2009
System Score: N/A
Location: UK
Last edited on 20th Oct, 2010 17:49
The issue is actually a bit bigger.

I am running PSI 2 beta, have Firefox 3.6.11 installed which is reported as vulnerable which may well be true.

The solution according to PSI is "The version detected of Mozilla Firefox 3.6.x was 3.6.11 while the latest version including one or more security fixes is 3.6.9."

Which then pushes me to http://download.mozilla.org/?product=firefox-3.6.1... for a fix which will download what I have anyway.

So we have a loop ;o)


Was this reply relevant?
+0
-0
TiMow RE: Firefox
Dedicated Contributor 20th Oct, 2010 17:59
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Just to add:

Using PSI 1.5.0.2, the "Insecure, no solution" (SA41244) listing, against Mozilla Firefox, in secure browsing, has now cleared, with the 3.6.11 update.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Firefox
Expert Contributor 20th Oct, 2010 18:01
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Oct, 2010 18:05
@TachyonMage ,

You may or may not have the same problem as Mr. OKEK ; let's wait for his reply and see if it is a bug or loop . If it is not the same you should open your own thread . He is using a different version of the PSI .

You will need to add your version of your OS .

Anthony

Edit : the Beta version of the PSI "secure browsing" shows the SA resolved and gives MY Ff a green light/border as I have no insecure plug-ins .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Mr.OKEK RE: Firefox
Member 20th Oct, 2010 18:10
Score: 0
Posts: 9
User Since: 18th Oct 2010
System Score: 92%
Location: DE
Last edited on 20th Oct, 2010 18:12
@TachyonMage

Danke für den falschen Link zu Firefox!
Sie haben diesen Thread nicht verstanden, PSI ist bei mir in Deutsch installiert!

Wenn PSI ein Empfehlung ausgibt zu einem unsicheren Programm, dann erwarte ich gemäß Installation in Deutsch, ein Link in Deutsch bzw. Download-Version in Deutsch!

GT: Thank you for the wrong link to Firefox! They did not have this thread, PSI is installed with me in German! IF A PSI recommendation issuing an unsafe program, then I expect according to the installation in German, A link in German or download version in German!


--
MFG

Mr.OKEK
Was this reply relevant?
+0
-0
Mr.OKEK RE: Firefox
Member 20th Oct, 2010 18:18
Score: 0
Posts: 9
User Since: 18th Oct 2010
System Score: 92%
Location: DE
Nebenbei zur Info, mein Computer (Besides about, My Computer):

- AMD Athlon X2 3,8GHz; 4GB Ram, Windows 7 64 Bit

--
MFG

Mr.OKEK
Was this reply relevant?
+0
-0
Anthony Wells RE: Firefox
Expert Contributor 20th Oct, 2010 18:19
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Oct, 2010 18:26
Hi Mr. OKEK ,

We can deal with the download language version in your other thread you opened :-

http://secunia.com/community/forum/thread/show/599...

Do you still have an "insecure" listing of Firefox showing in your PSI .

If so , can you please answer all of my questions (from above) :-

"You need to use the "Advanced" mode of the PSI - the link is at the top right of any of the PSI pages .

In which "tab(s)" is the "insecure" version of Firefox showing ?? Do you have an up to date version (3.6.11) in the "patched" tab ??

What is the "version number" and the "installation path" of the "insecure" listing ?? You find this by clicking the [+] to the left end of the programme entry and the detailed information is displayed in the expanded page ."

Anthony

PS: @TiMow , 1) if you feel better able to help in German , do so as you also have 1.5.0.2 ; GT is very poor and does not help . 2) I forget , does 1.5x not offer regional language version updates ( the Beta does not - except a few "auto-updates" ?? Look at the thread link above .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Mr.OKEK RE: Firefox
Member 20th Oct, 2010 18:31
Score: 0
Posts: 9
User Since: 18th Oct 2010
System Score: 92%
Location: DE
@ Anthony

Im anderen Thread von mir, habe ich allgemein meine Meinung und deren Arbeit von Ihnen abgegeben!

GT: In another thread of mine, I have given my opinion in general and their work from you!

Und diesem Thread spezifisch Problem der Erkennung von PSI zu Firefox! Wie auch beim anderen Browser, wie Opera!

GT: And that thread-specific problem of detecting PSI to Firefox! In other browsers such as female, like Opera!

Ihre gute Arbeit in Punkt Sicherheit hervorragend, aber wenn die Vermittlung in falscher Mutter sprache, birgt ein Sicherheitsproblem! Man ist gezwungen andere Bezugsquellen zu suchen, die unsicher sein können! Oder seh ich das falsch :-?

GT: Your good work in messaging security Excellent die, but as the practice in the wrong language, poses a security problem! One is forced to seek other sources of supply, uncertain his dying Can! Or I see the wrong: -?


--
MFG

Mr.OKEK
Was this reply relevant?
+0
-0
TiMow RE: Firefox
Dedicated Contributor 20th Oct, 2010 19:02
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
A quick note for Anthony regarding your observation in the other thread and this last reply.

Google translate is really having a problem with "die" - the definite article, female/plural form - equivalent to "the".

It keeps failing to translate this and offering up other connotations - e.g. "dying".

This is surprising (or not), as you would expect it to get beyond this basic translation - it could be the placing within the sentence/phrase.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Firefox
Expert Contributor 20th Oct, 2010 19:53
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Oct, 2010 19:59
Hi ,

@TiMow ,

The dying bit , I already came across in Mr.O's third (OPERA) thread and i understand the male/female stuff and "die", I speak good French but that is always the problem area . If you Put "I die " in GT it detects German and the gives it back just the same in English , if you specify English it gives you the correct German (I think) !!

What I cannot seem to get from Mr. O is whether his complaint is with the programme download language , as per his other thread I linked above , when he updated Ff using the 1.5.0.2 manual solution link rather than using the in-programme updater or does he actually have an insecure version of Ff on his machine as per his first post .

Does he now have the 3.6.11 English/German version and has all the messing meant he also has his old/original 3..6.10 German version ?!

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
gdssjov RE: Firefox
Member 21st Oct, 2010 10:22
Score: 0
Posts: 2
User Since: 21st Oct 2010
System Score: N/A
Location: DK
When I use autoupdate from PSI 2.0 Beta - it updated my Firefox 3.6.10 danish to 3.6.11 UK

Strange, since e.g. ninite.com can handle localized installs?
regards
Was this reply relevant?
+0
-0
Anthony Wells RE: Firefox
Expert Contributor 21st Oct, 2010 11:46
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 21st Oct, 2010 11:50
@gdssjov ,

For the Firefox programme in the Beta results page , click the [+] and then double click the the programme details** ; in the new window you will see that you are offered a language selection for Firefox : unfortunately for you , the preset default language is English , so you need to set your own language from the dropdown menu for future updates .

This is the same for other programmes where there is a language option , otherwise all update solutions offered by the PSI Beta are English/International versions .

Secunia are aware of this "bug" .

Hope that clears things up .

Anthony

PS: ** or just double click the original entry .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
triggerhippyfr RE: Firefox
Member 21st Oct, 2010 22:43
Score: 0
Posts: 13
User Since: 17th Feb 2010
System Score: N/A
Location: FR
Last edited on 21st Oct, 2010 22:49
hello everybody , i didn't understand everything in that thread , but i think that i have the same problem as mr okek , today i got a message from PSI 1.9.0.1 that I had an insecure program .

and it's Firefox , today it updated itself when i opened it to the version 3.6.11 , but the message in PSI is dedicated to the version 3.6.10 detected ...

i have to say also that my version of Firefox 3.6.11 is the french one , and from that i had understand , it's maybe because PSI would detect the english version and not the others european lenguages , "and or" maybe some older stuff from 3.6.10 version is still remaining in one folder and making a trouble ?

if u can advise me how to resolve this threat

thx in advance
Was this reply relevant?
+0
-0
triggerhippyfr RE: Firefox
Member 22nd Oct, 2010 12:17
Score: 0
Posts: 13
User Since: 17th Feb 2010
System Score: N/A
Location: FR
some little news from me !!! today i decided to apply the patch given in link in PSI and after an installation and another scan of PSI , the threat disappeared .

an other appeared for Thunderbird , and i have done the same , applying the patch given , and same result the threat disapeared also ...

so now , the result of the scan is perfect , thought i don't understand very well why i had to reinstall Firefox , well exactly the patch for Firefox nor the one for Thunderbird ... beacuse these 2 programs are on the list of the auto-update !!!

if i understand well the utility of the auto update , the programs selected should update themselves with PSI ...
Was this reply relevant?
+0
-0
TiMow RE: Firefox
Dedicated Contributor 22nd Oct, 2010 12:50
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
I'm still using PSI 1.5.0.2 and haven't moved up to 2.0 beta. But, from reading about it on the forum, I believe you need to check (tick) a box for each program you wish to auto update. The default setting is NO auto update.

The following is copied from a reply by Maurice Joyce:

Quote:
"PSI BETA has a nice Manual. On the Dashboard click on LEARN MORE>from the dropdown box select SECUNIA PSI MANUAL (PDF). That will tell U all about settings etc."
Unquote.

With Firefox and Thunderbird, I always update from within the open program:- Help dropdown > Check for updates, when I'm alerted to an update, and not from PSI.
This avoids any changes to personal settings, add-ons, plug-ins, etc., that can sometimes occur, when directed to the vendor (Mozilla) download site.

But the choice is yours, as the auto update facility in 2.0 beta, is designed to simplify things, for those who wish.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Firefox
Expert Contributor 22nd Oct, 2010 14:31
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 22nd Oct, 2010 14:38
Bonjour @triggerhippyfr ,

You say you have the PSI 2.0 Beta version 1.9.0.1. ; this is no longer directly supported by Secunia and the latest version 1.9.0.4001 is much improved : here is the link :-

http://secunia.com/PSI2SetupBeta.exe

1)this version will show some/many of your patched updates without a rescan . Your problem with not seeing the update you made to Firefox was probably a scan problem rather than a patch problem .; the same applies to you "suddenly" seeing Thunderbird as "out of date" after the scan.
Please note that all the updaters and solutions in your current version will be in English/International language . so you might possibly get the English version of Ff if you use the PSI "auto-update" or direct "download solution" options in 1.9.0.1.

2)the latest version offers a few/some programmes with language options - as I described in my previous post above ; if you install the latest version 1.9.0.4001 you will understand these points :-

Quote : ""For the Firefox programme in the Beta (1.9.0.4) results page , click the [+] and then double click the the programme details ; in the new window you will see that you are offered a language selection for Firefox : unfortunately for you , the preset default language is English , so you need to set your own language from the dropdown menu for future updates .

This is the same for other programmes where there is a language option , otherwise all update solutions offered by the PSI Beta are English/International versions .""

3) The Mozilla Firefox "auto-update" in version 1.9.0.4001 with the French language selected (as i have indicated above) should not cause problems with your settings etc . , but remember , it is a "Beta" so you may wish to update from within Firefox itself .

4)You will also be able to find "the Dashboard Manual" which @TiMow has referred to in his post .

Hope this clears up a few points concerning versions . If you do not like the latest Beta , you can go back to version 1.5.0.2 , but I would avoid 1.9.0.1 .

Ask again if anything is not clear .

A la prochaine .

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
triggerhippyfr RE: Firefox
Member 23rd Oct, 2010 10:46
Score: 0
Posts: 13
User Since: 17th Feb 2010
System Score: N/A
Location: FR
Last edited on 23rd Oct, 2010 10:46
hello and Thx TiMow and Anthony .

i installed the last version of PSI that u advised me . Cheers
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability