Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Mozilla Firefox 3.5.x a threat? I have 3.6.12

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Mozilla Foundation
And, this specific program:
Mozilla Firefox 3.5.x

This thread has been marked as locked.
letchworth Mozilla Firefox 3.5.x a threat? I have 3.6.12
Member 29th Nov, 2010 23:11
Ranking: 0
Posts: 2
User Since: 31st Mar, 2009
System Score: N/A
Location: N/A
Each time Secunia does a scan it tells me there is a category 5 threat with Mozilla Firefox 3.5.x a threat--- however I have 3.6.12

Looks like false warning-- but as many times as I install Firefox over itself-- Secunia tells me I have a level 5 threat on v.3.5x

Secunia has helped me with other real problems-- is there a way to solve this one?

I am using it on an XP machine.


TiMow RE: Mozilla Firefox 3.5.x a threat? I have 3.6.12
Dedicated Contributor 30th Nov, 2010 08:00
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
In addition to you having the current Ff. version, PSI is finding this previous version (or parts of), and is correctly flagging it as insecure.

When you install Ff. updates, they overwrite the previous version, so for this old one still to be present, there is a chance that it is installed in a non-default location, and hasn't been overwritten - e.g. back-up location.

The key to solving this, is to find the installation path (and full version number):

If using PSI 1.5.0.2, you should be in Advanced mode, then under Insecure (or possibly E-o-L) tab, click on [+] on left of listing to reveal installation path.

If using 2.0 beta, I believe the procedure is similar - from the Scan Results window.

If you require further assistance, then post back with these details.

[To include info. from PSI, to post on your reply: highlight, Ctrl+C (copy), Ctrl+V (paste)]

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+1
-0
letchworth RE: Mozilla Firefox 3.5.x a threat? I have 3.6.12
Member 30th Nov, 2010 17:12
Score: 0
Posts: 2
User Since: 31st Mar 2009
System Score: N/A
Location: N/A
That led me to the answer:
D:\Program Files\Mozilla Firefox\firefox.exe

I had an old hard drive that had a mirror copy of my C drive-- that I installed as D drive (had some data I needed to retrieve-- so have been using it as backup data drive).

My question: Should I ignore it because I only use that drive as data backup-- or should I install it as C drive--- update--- and put it back as D drive?? Or is this an unsafe policy??

letchworth
Was this reply relevant?
+0
-0
TiMow RE: Mozilla Firefox 3.5.x a threat? I have 3.6.12
Dedicated Contributor 30th Nov, 2010 18:26
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Unfortunately, as I don't use a back-up drive, I can't give you a definitive answer.
From reading similar issues to this, I think the rule of thumb, is that you should be able to set an ignore rule for a back-up D drive - but can't guarantee that this would be safest option.

However, if Ff. is the only insecurity on your D drive, you could consider deleting this old version from D drive, and if you still required a version for backup purposes (probably not necessary), you could download 3.6.12 and change installation path to "D:\".

Opening Ff. 3.5 from D drive and selecting Check for Updates (from Help menu), may also update to same location - but, again I can't guarantee this.

I think you best option is just to delete Ff. from D:\. As it's not part of the original installed software, and easily downloadable, when needed, you probably don't need a back-up copy.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+2
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer