Join the Mozilla’s Test Days event from Dec 2–8 to test the new Firefox address bar on Firefox Beta 134 and get a chance to win Mozilla swag vouchers! 🎁

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Bitdefender tells me I have (24) vulnerabilities over (5) categories in FF version 47.0.1 -how can this be?

  • 5 replies
  • 2 have this problem
  • 1 view
  • Last reply by James

more options

When I run a vulnerability scan using Bitdefender, it tells me that I have (24) vulnerabilities under the following categories:

Execute Code: By exploiting this vulnerability the attacker has the ability to execute code on the victim's system Gain Information: By exploiting this vulnerability the attacker has the ability to access information (usually files) on the victim's system Denial of Service: By exploiting this vulnerability the attacker can block access to certain resources or to the entire system Bypass: By exploiting this resource the attacker can gain access to a restricted resource without being required to authenticate Cross Site Scripting (XSS): By exploiting this vulnerability the attacker can inject malicious script code into web pages viewed by other users.

The vulnerability/threat level is given (3) red dots (with 4-5 red dots being the highest threat level).

These need to be fixed!

When I run a vulnerability scan using Bitdefender, it tells me that I have (24) vulnerabilities under the following categories: Execute Code: By exploiting this vulnerability the attacker has the ability to execute code on the victim's system Gain Information: By exploiting this vulnerability the attacker has the ability to access information (usually files) on the victim's system Denial of Service: By exploiting this vulnerability the attacker can block access to certain resources or to the entire system Bypass: By exploiting this resource the attacker can gain access to a restricted resource without being required to authenticate Cross Site Scripting (XSS): By exploiting this vulnerability the attacker can inject malicious script code into web pages viewed by other users. The vulnerability/threat level is given (3) red dots (with 4-5 red dots being the highest threat level). These need to be fixed!

Chosen solution

I am going to mark my question as solved, but only because of the link in your above/first response, which (BTW) led me to an even more recent FF version 84.0.1 release of August 26th.

However, I still feel that there should be some information on the beautiful FF home page (or a direct link) as to the latest version and release date, and, when I followed the directions on how to check for and "update" the latest version, the FF site (not my security program) told me I had the latest version, which was not true.

So, the fact remains that I had to take to this forum and spend considerable time and effort to find the answer to what could/should? have been an automatic update to the version I was running with the above-outlined vulnerabilities described within/by my Bitdefender vulnerability scan.

It isn't a negative reflection on Bitdefender, IMO, as you seem to be implying at the end of your second response above, as BD provided a direct hot link to the FF website from the vulnerability scan module within BD, but rather, some failing of FF. However, your posting of the Kapersky data was very impressive indeed.

Thanks again.

Read this answer in context 👍 0

All Replies (5)

more options

Bruder0069 said

Bitdefender tells me I have (24) vulnerabilities over (5) categories in FF version 47.0.1 -how can this be? ... When I run a vulnerability scan using Bitdefender, it tells me that I have (24) These need to be fixed!

They are fixed if you were using Firefox 48.0 that was Released on Aug 2nd.

https://www.mozilla.org/firefox/releases/ https://www.mozilla.org/security/known-vulnerabilities/firefox/

Modified by James

more options

Thank you, James - that is news to me, because when I click on 'About Firefox' under the ? heading and it takes me to the page where Firefox checks for updates, it tells me that my version (47.0.1) is the latest version. Also, I did not see any reference on the Firefox home page as to what the numerical identification of the latest version actually IS, so, it seems like there is something wrong somewhere in the information loop.

But, I will try the manual update based on your above links - thanks.

more options

Kaspersky had a similar notice but with more information on Firefox versions affected and fixed. from https://threats.kaspersky.com/en/vulnerability/KLA10852/

If only Bitdefender did the same.

Modified by James

more options

Chosen Solution

I am going to mark my question as solved, but only because of the link in your above/first response, which (BTW) led me to an even more recent FF version 84.0.1 release of August 26th.

However, I still feel that there should be some information on the beautiful FF home page (or a direct link) as to the latest version and release date, and, when I followed the directions on how to check for and "update" the latest version, the FF site (not my security program) told me I had the latest version, which was not true.

So, the fact remains that I had to take to this forum and spend considerable time and effort to find the answer to what could/should? have been an automatic update to the version I was running with the above-outlined vulnerabilities described within/by my Bitdefender vulnerability scan.

It isn't a negative reflection on Bitdefender, IMO, as you seem to be implying at the end of your second response above, as BD provided a direct hot link to the FF website from the vulnerability scan module within BD, but rather, some failing of FF. However, your posting of the Kapersky data was very impressive indeed.

Thanks again.

Modified by Bruder0069

more options

There has been a crash issue on Windows with 48.0.1/48.0.2 so updates to those versions have turned off at times.

When these sort of notices comes up saying version you are using has known vulnerabilities there is almost always a new major release out. The minor updates are for allowed stability or even security fixes that could not wait for next Release.

Modified by James