Secunia Research Community
Forum Thread: I fixed Adobe why is it saying browser still unsecure
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Programs
|
Relating to this vendor: Adobe Systems |
And, this specific program: Adobe Flash Player 10.x |
| jckinnick | I fixed Adobe why is it saying browser still unsecure |
|---|---|
 |
8th Jun, 2010 11:10 |
|
Ranking: 6 Posts: 189 User Since: 21st May, 2010 System Score: 100% Location: US |
In the overview section it lists some unsecure browsers with no possible solutions at the moment. I have 3 listed IE, Opera, and Safari. One of the things thats making it unsecure is the latest version of Adobe 10.0. Under possible solutions it says that reportedly the latest beta version of Adobe 10.1 is a fix for this problem. So i uninstalled the latest version of Adobe and downloaded the beta 10.1 version and did a scan and it still has Adobe listed as unsecure in those 3 browsers. What up with that? |
| Leendert Kip | I fixed Adobe why is it saying browser still unsecure | ||||||||
|
8th Jun, 2010 11:15 | ||||||||
| Score: 112 Posts: 597 User Since: 22nd Jan 2009 System Score: 100% Location: NL Last edited on 8th Jun, 2010 11:17 |
The problem with Safari was v. 4.0. This morning v. 5.0 was available and I installed without problem. I don't know if it's secure or not because v. 5.0 is not in the patched programs list and maybe unknown to Secunia. -- PC: PWA Computers Intel Core I3 2100 3.1Ghz Kingston DDR3 ValueRam 4GB 1333 Kingston SSD SV300S 240GB Windows 7 Home Premium 64bits SP1 Secunia PSI 3.0.0.11005 Internet Explorer 11 Mozilla Firefox 54.0NL Google Chrome 59.0.3071.109 Laptop: MSI GT780DX Intel Core I5-2450 DDR3 RAM 6GB Windows 7 Home Premium 64bits SP1 Secunia PSI 3.0.0.11005 Internet Explorer 11 Mozilla Firefox 54.0NL |
||||||||
|
|||||||||
| TiMow | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
8th Jun, 2010 11:18 | ||||||||
| Score: 737 Posts: 728 User Since: 26th Jun 2009 System Score: N/A Location: CH |
As this RC7 (10.1) Flash is still release candidate and not full release version update, PSI recognises this as secure under patched, but only as a workaround under secure browsing (and not a full solution), hence the browser boxes still showing red. Both Secunia and Adobe report the latest RC7 flash as not effected by the vulnerability - so you should be secure, despite the PSI reporting conflicts. TiMow -- Computing is not yet a perfect science - it still requires humans. |
||||||||
|
|||||||||
| jckinnick | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
8th Jun, 2010 11:29 | ||||||||
| Score: 6 Posts: 189 User Since: 21st May 2010 System Score: 100% Location: US |
RC7 ? I had somehow went back to the latest version of Adobe but i had 10.1 before and i thought that PSI showed it as secure because before i just had 2 browsers that were unsecure. Is that a new version of Safari for Windows? |
||||||||
|
|||||||||
| TiMow | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
8th Jun, 2010 11:50 | ||||||||
| Score: 737 Posts: 728 User Since: 26th Jun 2009 System Score: N/A Location: CH |
RC7 is the latest release (R) candidate (C) version of Flash (10.1.53.64 ), to which you have been referring. Full designation is10.1.53.64 RC7. All my 3 browser boxes are red under secure browsing because Flash shows as cat.5 threat (despite latest "fix" - for reasons I've described above). Prior to this Flash threat; IE was boxed in yellow (longstanding cat.3 threat) as was Firefox (recent cat.2 threat). As I use neither Opera nor Safari, I am unable to comment on their present status. @Leendert Kip seems to have a better take on matters relating to Safari, in his post above. In addition, you can click on the blue SA number links that show in each browser box, for further information. TiMow -- Computing is not yet a perfect science - it still requires humans. |
||||||||
|
|||||||||
| mogs | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
8th Jun, 2010 12:26 | ||||||||
| Score: Posts: 6,279 User Since: 22nd Apr 2009 System Score: N/A Location: UK |
Hello. You do not say how you uninstalled AFP....whether you used Adobe's uninstaller ? There is even a more recent version of that. Unless it is completely removed; psi may still be detecting old files/versions even if in the Recycle bin. I was only able to rectify matters and install the RC after first using the Adobe uninstaller and having a clear out via Regedit. -- |
||||||||
|
|||||||||
| jckinnick | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
8th Jun, 2010 12:44 | ||||||||
| Score: 6 Posts: 189 User Since: 21st May 2010 System Score: 100% Location: US |
The 10.1.53 version is a beta version right? Yeah i used the uninstaller downloaded that new Safari update and now i have two browsers unsecure. IE is still showing Adobe Flash as unsecure though. |
||||||||
|
|||||||||
| mogs | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
8th Jun, 2010 13:02 | ||||||||
| Score: Posts: 6,279 User Since: 22nd Apr 2009 System Score: N/A Location: UK |
Yeah.....I use Dev channel Chrome which, like the Beta version is'nt monitored by psi....yet, the RC Adobe is shown in my Patched tab and Secure Browsing tab with IE8. I think you've probably gone as far as you can with that one. Don't know anything about Safari nor Opera.....I think if it were possible I'd just have the one....it's not an ideal world tho' !!! -- |
||||||||
|
|||||||||
| ddmarshall | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
8th Jun, 2010 13:05 | ||||||||
| Score: 1250 Posts: 992 User Since: 8th Nov 2008 System Score: 98% Location: UK |
It is a Release Candidate, which is a step past Beta. There is an uninstaller associated with this version available here: http://labs.adobe.com/downloads/flashplayer10.html... If it is necessary to remove registry entries, use the uninstaller from a command prompt with the /clean switch. This article explains how: http://kb2.adobe.com/cps/402/kb402435.html It will need modifying for OS and the name of the uninstaller. -- |
||||||||
|
|||||||||
| jckinnick | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
8th Jun, 2010 13:19 | ||||||||
| Score: 6 Posts: 189 User Since: 21st May 2010 System Score: 100% Location: US |
Im not sure what version of IE i have im still using Windows XP is IE still being updated when Windows updates. I know Windows media player 10 was the last update i could do without having to upgrade. | ||||||||
|
|||||||||
| TiMow | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
8th Jun, 2010 13:31 | ||||||||
| Score: 737 Posts: 728 User Since: 26th Jun 2009 System Score: N/A Location: CH |
In IE > Help menu > About Internet Explorer - shows which IE you have installed. Also PSI (Advanced) > Patched tab > scroll down to Microsoft Internet Explorer - which should be followed by "8.x", and then "8.0.6001.18702" (full version no. for latest). -- Computing is not yet a perfect science - it still requires humans. |
||||||||
|
|||||||||
| mogs | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
8th Jun, 2010 13:31 | ||||||||
| Score: Posts: 6,279 User Since: 22nd Apr 2009 System Score: N/A Location: UK |
If you look in your Secure Browsing tab it will say what version IE you are using.........are you using Secunia psi with the Advanced interface ? -- |
||||||||
|
|||||||||
| jckinnick | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
9th Jun, 2010 06:48 | ||||||||
| Score: 6 Posts: 189 User Since: 21st May 2010 System Score: 100% Location: US |
Yeah im using the advanced version and i have IE 8.x. | ||||||||
|
|||||||||
| jckinnick | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
9th Jun, 2010 06:56 | ||||||||
| Score: 6 Posts: 189 User Since: 21st May 2010 System Score: 100% Location: US Last edited on 9th Jun, 2010 06:56 |
When i installed Adobe Flash does it not go to all the browsers im using? IE still shows it as vulnerable. Under IE its showing Adobe 10.1 NAPI and Adobe Active X. Apparently i have to versions and need two remove one? | ||||||||
|
|||||||||
| jckinnick | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
9th Jun, 2010 07:13 | ||||||||
| Score: 6 Posts: 189 User Since: 21st May 2010 System Score: 100% Location: US |
I used the uninstall tool from Adobe that PSI suggested, whcih i though i had used before i installed the new 10.1 version. Now for IE it shows three new things unsecure one of them is windows updates so right now im downloading new windows updates. | ||||||||
|
|||||||||
| jckinnick | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
9th Jun, 2010 09:34 | ||||||||
| Score: 6 Posts: 189 User Since: 21st May 2010 System Score: 100% Location: US |
on 9th Jun, 2010 06:56, jckinnick wrote: When i installed Adobe Flash does it not go to all the browsers im using? IE still shows it as vulnerable. Under IE its showing Adobe 10.1 NAPI and Adobe Active X. Apparently i have to versions and need two remove one? Nevermind this i was wrong it was looking under the patched section that was showing two versions. Still though there shouldnt be two versions should there? I dont even know what NABI is. |
||||||||
|
|||||||||
| TiMow | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
9th Jun, 2010 10:47 | ||||||||
| Score: 737 Posts: 728 User Since: 26th Jun 2009 System Score: N/A Location: CH Last edited on 9th Jun, 2010 11:02 |
Flash is used by your browsers for graphics, videos, games etc. IE uses Flash (ActiveX) - PSI require this version for the display of it's graphics (pie chart and bars). Other browsers need Flash (NPAPI). When you install/update Flash you normally need to do this twice - once using IE for ActiveX, and once using another browser for NPAPI. This is why you see both entries under Patched - this normal. Be careful that you're not trying too hard. If you are showing the latest RC7 Flash (10.1.53.64) for both ActiveX and NPAPI, under patched, then you have done all you can (for now) re. flash. As far as I know the browser boxes still show red until the full release version of flash is available - providing you have no other cat.4 or cat.5 threats (other than flash) showing in your browser boxes (under Secure Browsing). TiMow EDIT: Re. this and your other thread - if there is any term of which you are unsure, then type "define: xxxxx" (where xxxx is the term you need explaining), into your browsers search box. Alternatively Wikipedia is always a good source of reference, or try this link: http://www.cryer.co.uk/glossary/a/index.htm -- Computing is not yet a perfect science - it still requires humans. |
||||||||
|
|||||||||
| jckinnick | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
9th Jun, 2010 11:12 | ||||||||
| Score: 6 Posts: 189 User Since: 21st May 2010 System Score: 100% Location: US |
Oh, so since IE uses Active X thats why its showing it as unsecure and the others as browsers as ok? | ||||||||
|
|||||||||
| TiMow | RE: I fixed Adobe why is it saying browser still unsecure | ||||||||
|
|
9th Jun, 2010 13:01 | ||||||||
| Score: 737 Posts: 728 User Since: 26th Jun 2009 System Score: N/A Location: CH |
It all depends against which component within your browser box the insecurity is showing. e.g. In my IE8 browser box (currently red surround), I have the following: 1) Adobe Flash Player 10.x Insecure, no solution [cat.5 threat (5/5 coloured boxes)] SA40026 2) Microsoft Internet Explorer 8.x Insecure, no solution [cat.2 threat (2/5 coloured boxes)] SA24314 The second entry for IE8 is a long-standing insecurity (which wont be fixed before IE9) but has in the recent past downgraded from cat.3 to cat.2 threat. Prior to the recent problem with flash the box surround was yellow (caution). When the problem arose with flash, because this shows as cat.5 threat, it turned the box red. After I uninstalled the insecure flash , it went back to yellow, and then back to red after installation of new flash (RC7). As far as I know, this is because the PSI detection rules don't recognise this flash as a full solution, due to its release candidate status. My other 2 browsers (Chrome and Firefox), also show red because of the same cat.5 threat showing against Adobe Flash Player 10.x within their boxes. If you are fortunate enough to have your other browsers not showing red under secure browsing, then that's good. I am happy that the latest flash is recognised as not being effected by the vulnerability, despite the red browser boxes. TiMow -- Computing is not yet a perfect science - it still requires humans. |
||||||||
|
|||||||||
