547624 - Secunia PSI reports firefox 3.6 is insecure

Status: RESOLVED INCOMPLETE

(Firefox :: Security, defect)

Description

[Cliff]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)

This is from Secunia PSI
Insecure, no solution 

 
This program was detected as patched. Hence, you have done all that you can to secure this program in accordance with the vendors guidelines.

Unfortunately, there are still known security problems with this program that the vendor has to fix (issue a security patch for).

Until a solution is available from the vendor, your best options are to: Uninstall, disable, or apply a workaround for this security threat.

 
and from this site http://secunia.com/advisories/38608/

Description
A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code.

The vulnerability is reported in version 3.6. Other versions may also be affected.

Solution
Do not visit untrusted websites or follow untrusted links.

Provided and/or discovered by
Reportedly a module for VulnDisco Pack.

Original Advisory
https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/

Deep Links

Reproducible: Always

Comment 1

[Daniel Veditz [:dveditz]]

http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/

Yes, we've read the claims that there's a security bug, but so far no one is willing to share details with us (Intevydis has not responded to our mail).

Comment 3

[Cliff]

both this bug and 547922 show fixed and indicate it is a duplicate of the other.
If they have been fixed, what is the solution and has a patch been issued?

Comment 4

[Tyler Downer [He/Him]]

not fixed, there has been no patch checked into the tree.