Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Comodo Dragon 4x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI 2.0 Beta

This thread has been marked as resolved.
Kevin Adamson Comodo Dragon 4x
Member 25th Oct, 2010 20:07
Ranking: 2
Posts: 4
User Since: 1st Jan, 2009
System Score: N/A
Location: N/A
The website page for Comodo Dragon shows no known issues at this time for this browser, but the beta Secunia is listing a vulnerability as SA39882.
Follow this link and it comes to the Google Chrome page that is listing the issue.
I would just like clarification that this is just mistaken identity with the beta version, or is there an issue with the Comodo Dragon that is not showing up on the product page here.
Kevin :)

Post "RE: Comodo Dragon 4x" has been selected as an answer.
mogs RE: Comodo Dragon 4x
Expert Contributor 25th Oct, 2010 20:52
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The Comodo Advisory shows the following :-
This vulnerability report for Comodo Dragon 4.x contains a complete overview of all Secunia advisories affecting it. You can use this vulnerability report to ensure that you are aware of all vulnerabilities, both patched and unpatched, affecting this product allowing you to take the necessary precautions.

If you have information about a new or an existing vulnerability in Comodo Dragon 4.x then you are more than welcome to contact us.

http://secunia.com/advisories/product/30431/
Vendor, Links, and Unpatched Vulnerabilities

Vendor Comodo Group

Product Link View Here (Link to external site)

Affected By 0 Secunia advisories
0 Vulnerabilities


SA39882 shows the following for Chrome 4 :-
Secunia Advisory SA39882
Google Chrome Multiple Vulnerabilities
Secunia Advisory SA39882
Get alerted and manage the vulnerability life cycle
Free Trial

Release Date 2010-05-27
Last Update 2010-06-02

Popularity 4,426 views
Comments 5 comments

Criticality level Moderately critical
Impact Unknown
Security Bypass
Spoofing
System access
Where From remote
Authentication level Available in Customer Area

Report reliability Available in Customer Area
Solution Status Unpatched

Systems affected Available in Customer Area
Approve distribution Available in Customer Area

Software:
Google Chrome 4.x
Secunia staff usually look thro' the psi 2.0 Beta threads/posts of a morning....so you may obtain more enlightenment then.
Hope this is of some help for now......regards,


--
Was this reply relevant?
+2
-0
Anthony Wells RE: Comodo Dragon 4x
Expert Contributor 25th Oct, 2010 21:01
Score: 2412
Posts: 3,309
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 25th Oct, 2010 21:05
Hello Kevin ,

This Comodo Forum link says that Dragon is based on Chromium version 4.x ; Chromium is now on version 7.x :-

http://forums.comodo.com/news-announcements-feedba...

The PSI is therefore likely picking up the version 4.x dll and reading as Google Chrome browser or frame or equivalent and giving you the SA for Google Chrome 4.x .

You will need to contact by email support@secunia.com (if they don't pick up here tomorrow CET) and more specifically Comodo support to see if the embedded Chrome is vulnerable to the 4.x vulnerabilities and subsequent 5.x and 6.x ones . If Dragon is not vulnerable , you could set an ignore rule for it ; however , if it was me , I would need to be totally convinced before I set one .

In contrast , Secunia vulnerability report shows no vulnerabilities ever showing against Dragon 4.x :-

http://secunia.com/advisories/product/30431/

Looks a bit messy :((

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
Kevin Adamson RE: Comodo Dragon 4x
Member 25th Oct, 2010 21:38
Score: 2
Posts: 4
User Since: 1st Jan 2009
System Score: N/A
Location: N/A
Thanks for the quick reply's mogs and Anthony. I agree that before I go with the ignore rule for this I would like to see if support can check into this more.
I will give it a day and then contact them directly.
I posted it first just so if others are having the same concern and it is just a bug with the beta picking out the .dll file of that version then the post did its purpose.
Just bringing the issue out in the light. Better safe than sorry. It is a bit messy LOL. Thanks again guys.
Was this reply relevant?
+0
-0
M.Hansen RE: Comodo Dragon 4x
Secunia Official 27th Oct, 2010 09:08
Score: 188
Posts: 410
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Hi

Comodo Dragon is currently based upon Chromium 4.1.1.12.

Since Comodo Dragon is based upon the same engine as Google Chrome 4.x all advisories affecting Google Chrome 4.x will also affect Comodo Dragon.

This also applies to other browsers which is based on the "major" browsers.
(Such as CometBird, K-Meleon, Acoo Browser, Maxthon, etc...)

I have made a suggestion to our developers to improve the information regarding this to make is less confusing for our users.

Kevin Adamson RE: Comodo Dragon 4x
Member 27th Oct, 2010 09:55
Score: 2
Posts: 4
User Since: 1st Jan 2009
System Score: N/A
Location: N/A
To M. Hansen
That is just what I wanted to hear. End of problem.
Thanks for your info and time.
Kevin
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability