
Forum Thread: No more Thunderbird?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
OSI

This thread has been marked as resolved.
xolotl No more Thunderbird?
Member 21st Oct, 2010 01:03
Ranking: -9
Posts: 16
User Since: 13th Oct, 2009
System Score: N/A
Location: DE
All of a sudden OSI is skipping Thunderbird. I am pretty sure it was one of the scanned programs in the past.

--
System: Windows XP SP3, Opera 10 or Firefox 3.6

Post "RE: No more Thunderbird?" has been selected as an answer.
Maurice Joyce RE: No more Thunderbird?
Handling Contributor 21st Oct, 2010 01:18
Score: 11738
Posts: 8,999
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It should be showing according to this:

http://secunia.com/vulnerability_scanning/online/p...

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
xolotl RE: No more Thunderbird?
Member 21st Oct, 2010 01:39
Score: -9
Posts: 16
User Since: 13th Oct 2009
System Score: N/A
Location: DE
I know it should be showing but it doesn't: that's the whole point of my post!

--
System: Windows XP SP3, Opera 10 or Firefox 3.6
M.Hansen RE: No more Thunderbird?
Secunia Official 21st Oct, 2010 09:17
Score: 188
Posts: 410
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Hi

I have just tested with the OSI and Thunderbird 3.0.9 was correctly detected (default installation folder)

(Display only insecure programs setting was set to "Off")
TiMow RE: No more Thunderbird?
Dedicated Contributor 21st Oct, 2010 09:29
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hi Morten

Yesterday (Weds), PSI threw up TB 3.1.4 as insecure, so I updated to 3.1.5, and all is OK again.

If OSI is detecting 3.0.9 and the original poster has later than this, could this be where the problem lies?

I would be surprised if 3.0.9 was the last secure version on your database, with subsequent updates being purely cosmetic, as PSI has reported versions between this and current, as insecure.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
TiMow RE: No more Thunderbird?
Dedicated Contributor 21st Oct, 2010 11:13
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 21st Oct, 2010 11:14
Hi, again, Morten

Out of curiosity, I have just run an OSI scan, with "Enable thorough system inspection" checked, and "Display only insecure programs" unchecked, and can confirm the O.P.'s findings that TB 3.1.x (in my case - 3.1.5) is not detected/reported.

To: @xolotl:
- without wishing to undermine your freedom of choice, I would strongly recommend that you consider downloading, and using PSI - 1.5.0.2 stable or 2.0 beta, for the following reasons:

- it is much more thorough, covering many more programs/apps.;
- its run time is considerably shorter (8-10 mins for me, on XP) - OSI took 3 to 4 times longer for thorough check (still many less checked than PSI);
- it doesn't tie up the CPU as much, for so long - mine was continually at 100%, or just under;
- and there is more information and user usage flexibility.**

**My OSI results threw up some insecurities relating to C:\i386\ file location. As this is a Windows backup/restore location, it receives no exposure and poses no threat, so with PSI I have set up an Ignore Rule for this file, so PSI doesn't report it.

For the uninitiated, this would/could have been a cause for concern, and much time could have been spent trying to rectify the problems.
The M$ insecurities came with a long list of missing KB updates, which would have taken an eternity to implement, and maybe still not have provided a solution (N.B. When I run M$ Updates, normally, it reports that I am up-to-date). Plus there was an old Flash 7.x ActiveX, which may have been problematical to remove.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Anthony Wells RE: No more Thunderbird?
Expert Contributor 21st Oct, 2010 12:09
Score: 2439
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello TiMow ,

I think you will find TB 3.0.9 and 3.1.5 are both supported versions from/by Mozilla and are both secure :-

https://wiki.mozilla.org/Thunderbird/StatusMeeting...

Take care

Anthony



--


It always seems impossible until it's done.
Nelson Mandela
TiMow RE: No more Thunderbird?
Dedicated Contributor 21st Oct, 2010 12:59
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 21st Oct, 2010 13:01
Hi Anthony

It's good that you are able to research and find the appropriate info. - that is helpful to us all - but this only (partly) answers my initial reply to Morten, and doesn't really address the O.P.'s point in his first post.

As I see it 3.0.9 and 3.1.5 are both secure, and available/running concurrently, but are not one and the same; - but if the O.P. has 3.1.5 installed, then he would hope that OSI reports it (if it did with his previous versions) - which now it appears not to; as I also subsequently verified, with my OSI scan.

Again, despite the availability of both versions I am unsure why someone would have one version (i.e. Morten on his test computer - 3.0.9) over the other (myself with 3.1.5).

Through TB auto updates and manual Check for Updates, I have logically progressed to the point where I am now at (with my current version no), as I guess many others have done, also, who choose not to look beyond the veneer and not to dabble a bit.

I just call it as I see it.

We will need to wait to hear from the O.P., to see which version he has - but I suspect it won't be 3.0.9.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Anthony Wells RE: No more Thunderbird?
Expert Contributor 21st Oct, 2010 13:32
Score: 2439
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 21st Oct, 2010 13:48
TiMow ,

I was only addressing your comments to Morten , not the OP's problem . I was clarifying why you can't update 3.0.9 to 3.1.5 - you upgrade . 3.0.9 is up to date for both security , bugs and eye candy . The versions "in-between" are all 3.1.x and not relevant to 3.0.9 . Maybe the OSI database still thinks 3.1.x are Betas . 3.1.5 was until the 19th .

Same situation with Firefox ; Mozilla supports both 3.5.x and 3.6.x and both latest versions are secure with no known vulnerabilities . You can't update 3.5.12 to 3.6.10 ., you upgrade ; but will all your favourite add-ons work ?? If not you may wish to not upgrade .

Some prefer IE6 , some 7, some 8 .

To each his own taste .

Chrome is similar whilst not the same as Stable 6.x is insecure/EOL , so you got 7.x ; I've got 8.x .

Hope that is clearer .

Anthony



--


It always seems impossible until it's done.
Nelson Mandela
M.Hansen RE: No more Thunderbird?
Secunia Official 21st Oct, 2010 14:33
Score: 188
Posts: 410
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Hi again

Mozilla currently supports two branches of Thunderbird (and Firefox)
Thunderbird 3.0.x
Thunderbird 3.1.x

Having the latest version in either branch should be reported as "Patched".

It seems like the 3.1.x branch had not been added to the covered programs for the OSI.

I've added the program to the list and it should be detected after a rescan.
Thank you for reporting the issue.
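
Added example (not part of the thread and not Secunia's code): a sketch of a branch-aware patch check in which an install from a branch with no rule is reported as "Not covered" instead of being dropped from the results. The rule table, function names and status strings other than "Patched" are assumptions; the version numbers are the ones quoted in this thread.

```python
# Added example, not Secunia's code. The rule table below is constructed
# from version numbers quoted in this thread.
from typing import Dict, List, Tuple

Version = Tuple[int, ...]
Rules = Dict[str, Dict[Version, Version]]  # program -> {branch: latest secure}


def parse_version(text: str) -> Version:
    """'3.1.5' -> (3, 1, 5); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def classify(program: str, installed: str, rules: Rules) -> str:
    """Return Patched / Insecure / Not covered / Unparsed version."""
    try:
        version = parse_version(installed)
    except ValueError:
        return "Unparsed version"
    latest = rules.get(program, {}).get(version[:2])  # branch = major.minor
    if latest is None:
        # No rule for this program or branch: report it, never drop it.
        return "Not covered"
    return "Patched" if version >= latest else "Insecure"


def add_branch(rules: Rules, program: str, latest: str) -> Rules:
    """Return a copy of rules that also covers the branch of `latest`."""
    version = parse_version(latest)
    updated = {name: dict(branches) for name, branches in rules.items()}
    updated.setdefault(program, {})[version[:2]] = version
    return updated


def scan(installed: List[Tuple[str, str]], rules: Rules) -> List[Tuple[str, str, str]]:
    """Classify every detected install so unmatched branches stay visible."""
    return [(name, ver, classify(name, ver, rules)) for name, ver in installed]


# Constructed state before the fix: only the 3.0.x branch has a rule.
RULES_BEFORE: Rules = {"Thunderbird": {(3, 0): parse_version("3.0.9")}}
# After the fix: the 3.1.x branch is added with 3.1.5 as its latest version.
RULES_AFTER = add_branch(RULES_BEFORE, "Thunderbird", "3.1.5")

if __name__ == "__main__":
    detected = [("Thunderbird", "3.0.9"), ("Thunderbird", "3.1.4"), ("Thunderbird", "3.1.5")]
    for label, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        print(label, scan(detected, rules))
```
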
xolotl RE: No more Thunderbird?
Member 21st Oct, 2010 14:47
Score: -9
Posts: 16
User Since: 13th Oct 2009
System Score: N/A
Location: DE
Hi,

Just to clarify I always ask OSI to show all programs detected, not just the insecure ones, and I have the very latest Thunderbird (i.e., 3.1.5), yet it was not reported. I am not at my PC right now but I'll rescan later and report if the problem is gone.

--
System: Windows XP SP3, Opera 10 or Firefox 3.6
TiMow RE: No more Thunderbird?
Dedicated Contributor 21st Oct, 2010 17:36
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 21st Oct, 2010 17:49
Hi Anthony

In the absence of precise version numbers from the original post, my initial reply to Morten, was to question and seek clarification.

I, probably like many other "average" users, tend to be led by PSI download solution links and direct vendor auto/manual updates to stay current and secure, and was unaware that there was a "parallel" branch for TB (as well as others) - so your explanation is appreciated. I (we?), genuinely believed that when offered 3.1.5 as the update, then this is the version I (we?) should be running - anything lower could be insecure.

Not everyone has the time/ability/need or desire to acquaint themselves with all the available info. and are probably unaware, as I was, of this situation.

It would have been preferable if Morten's last reply had come sooner, with an explanation similar to yours (which unfortunately, at the time, could have clouded the issue).

Obviously, in the end, there was an omission of the 3.1x branch - which I'm still guessing the majority are using - in OSI. This should now be rectified - strange it hadn't cropped up 'til now.

The solution to this was due to, and re-emphasises, the importance of always giving precise details and version numbers.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
xolotl RE: No more Thunderbird?
Member 22nd Oct, 2010 17:40
Score: -9
Posts: 16
User Since: 13th Oct 2009
System Score: N/A
Location: DE
Just a quick note to confirm that as of today Thunderbird is back.

--
System: Windows XP SP3, Opera 10 or Firefox 3.6

This thread has been marked as locked.

