본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Bitdefender tells me I have (24) vulnerabilities over (5) categories in FF version 47.0.1 -how can this be?

  • 5 답장
  • 2 이 문제를 만남
  • 3 보기
  • 최종 답변자: James

more options

When I run a vulnerability scan using Bitdefender, it tells me that I have (24) vulnerabilities under the following categories:

Execute Code: By exploiting this vulnerability the attacker has the ability to execute code on the victim's system Gain Information: By exploiting this vulnerability the attacker has the ability to access information (usually files) on the victim's system Denial of Service: By exploiting this vulnerability the attacker can block access to certain resources or to the entire system Bypass: By exploiting this resource the attacker can gain access to a restricted resource without being required to authenticate Cross Site Scripting (XSS): By exploiting this vulnerability the attacker can inject malicious script code into web pages viewed by other users.

The vulnerability/threat level is given (3) red dots (with 4-5 red dots being the highest threat level).

These need to be fixed!

When I run a vulnerability scan using Bitdefender, it tells me that I have (24) vulnerabilities under the following categories: Execute Code: By exploiting this vulnerability the attacker has the ability to execute code on the victim's system Gain Information: By exploiting this vulnerability the attacker has the ability to access information (usually files) on the victim's system Denial of Service: By exploiting this vulnerability the attacker can block access to certain resources or to the entire system Bypass: By exploiting this resource the attacker can gain access to a restricted resource without being required to authenticate Cross Site Scripting (XSS): By exploiting this vulnerability the attacker can inject malicious script code into web pages viewed by other users. The vulnerability/threat level is given (3) red dots (with 4-5 red dots being the highest threat level). These need to be fixed!

선택된 해결법

I am going to mark my question as solved, but only because of the link in your above/first response, which (BTW) led me to an even more recent FF version 84.0.1 release of August 26th.

However, I still feel that there should be some information on the beautiful FF home page (or a direct link) as to the latest version and release date, and, when I followed the directions on how to check for and "update" the latest version, the FF site (not my security program) told me I had the latest version, which was not true.

So, the fact remains that I had to take to this forum and spend considerable time and effort to find the answer to what could/should? have been an automatic update to the version I was running with the above-outlined vulnerabilities described within/by my Bitdefender vulnerability scan.

It isn't a negative reflection on Bitdefender, IMO, as you seem to be implying at the end of your second response above, as BD provided a direct hot link to the FF website from the vulnerability scan module within BD, but rather, some failing of FF. However, your posting of the Kapersky data was very impressive indeed.

Thanks again.

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (5)

more options

Bruder0069 said

Bitdefender tells me I have (24) vulnerabilities over (5) categories in FF version 47.0.1 -how can this be? ... When I run a vulnerability scan using Bitdefender, it tells me that I have (24) These need to be fixed!

They are fixed if you were using Firefox 48.0 that was Released on Aug 2nd.

https://www.mozilla.org/firefox/releases/ https://www.mozilla.org/security/known-vulnerabilities/firefox/

글쓴이 James 수정일시

more options

Thank you, James - that is news to me, because when I click on 'About Firefox' under the ? heading and it takes me to the page where Firefox checks for updates, it tells me that my version (47.0.1) is the latest version. Also, I did not see any reference on the Firefox home page as to what the numerical identification of the latest version actually IS, so, it seems like there is something wrong somewhere in the information loop.

But, I will try the manual update based on your above links - thanks.

more options

Kaspersky had a similar notice but with more information on Firefox versions affected and fixed. from https://threats.kaspersky.com/en/vulnerability/KLA10852/

If only Bitdefender did the same.

글쓴이 James 수정일시

more options

선택된 해결법

I am going to mark my question as solved, but only because of the link in your above/first response, which (BTW) led me to an even more recent FF version 84.0.1 release of August 26th.

However, I still feel that there should be some information on the beautiful FF home page (or a direct link) as to the latest version and release date, and, when I followed the directions on how to check for and "update" the latest version, the FF site (not my security program) told me I had the latest version, which was not true.

So, the fact remains that I had to take to this forum and spend considerable time and effort to find the answer to what could/should? have been an automatic update to the version I was running with the above-outlined vulnerabilities described within/by my Bitdefender vulnerability scan.

It isn't a negative reflection on Bitdefender, IMO, as you seem to be implying at the end of your second response above, as BD provided a direct hot link to the FF website from the vulnerability scan module within BD, but rather, some failing of FF. However, your posting of the Kapersky data was very impressive indeed.

Thanks again.

글쓴이 Bruder0069 수정일시

more options

There has been a crash issue on Windows with 48.0.1/48.0.2 so updates to those versions have turned off at times.

When these sort of notices comes up saying version you are using has known vulnerabilities there is almost always a new major release out. The minor updates are for allowed stability or even security fixes that could not wait for next Release.

글쓴이 James 수정일시