Forum Thread: insecure program

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

Relating to this vendor:
Mozilla Foundation
And, this specific program:
Mozilla Firefox 3.5.x

This thread has been marked as locked.
bywhatnow insecure program
Member 29th Jul, 2009 22:23
Ranking: 0
Posts: 2
User Since: 4th Dec, 2008
System Score: N/A
Location: N/A
The scan showed that my Mozilla FireFox 3.5.1 was in need of a patch. I have gone to their site four (4) times and downloaded and installed the "latest" Firefox (3.5.1) I have also opened my Firefox and checked for updates. After all this I still get an unpatched message about Firefox. Is this a glitch or is Firefox still unpatched even after the update?

wr RE: insecure program
Contributor 30th Jul, 2009 01:29
Score: 308
Posts: 739
User Since: 30th Mar 2008
System Score: N/A
Location: US
No patch yet from FF:

HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 31.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
bjm__ RE: insecure program
Member 30th Jul, 2009 07:22
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: N/A
Location: US
Last edited on 30th Jul, 2009 07:27
To: bywhatnow,

FF 3.5.1 still has a known unpatched security the link offered by wr.
FF is as patched as it can be and your still vulnerable.
Secunia can't fix FF.
The beauty of PSI 1.5 is that you've been informed you have done all you can do to be safe and sometimes that just ain't enough. PSI 1.5 gives you information that you cannot get anywhere else and the cost is very reasonable considering the amount of time, effort and hard work involved keeping you informed.
The information is all there...all you have to do is use it.
__________________________________________________ ________________
URL bar spoofing vulnerability

07.28.09 - 03:40pm


The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page.

Impact to users

If a user visits a page hosting this malicious code, a new window or tab can be opened with a faked URL. There is no way of determining if the URL is authentic. This could result in the user disclosing confidential information to the malicious site, known as a phishing attack.


This vulnerability is known to affect all current versions of Firefox. Mozilla is actively working on fixing this vulnerability. Users can mitigate this vulnerability by only sharing confidential information with websites that were opened from a bookmark, a trusted source, or by manually opening a new tab or window and entering a URL.
__________________________________________________ ____________________
Was this reply relevant?

This thread has been marked as locked.