Announcement

Collapse
No announcement yet.

Is the security hole reported in Secunia Advisory SA51733 fixed now?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • lieutdan13
    replied
    Installing the latest 5.4.4.1128 did not solve the Firefox issue. However, after installing the new version, the updater in the system tray prompted me to update the plugin. Firefox no longer complains about the security threat. Thanks for fixing this.

    Leave a comment:


  • cherry
    replied
    Hi Jokob,

    The Firefox Plugin 2.2.3.111 has fixed the security hole reported in Secunia Advisory SA51733. The Security advisory on Foxit website will be published later.

    Leave a comment:


  • Is the security hole reported in Secunia Advisory SA51733 fixed now?

    Around the web, there is much noise about a security issue in Foxit Reader, described in Secunia Advisory SA51733 (http://secunia.com/advisories/51733/) and apparently originally in a post by Andrea Micalizzi (http://retrogod.altervista.org/9sg_foxit_overflow.htm).

    I suspect that the update for the Foxit Firefox plugin that we received today through Foxit Updater may be a fix for this, but I see no official announcement of this from Foxit, and the Secunia page still says that Foxit has not released a fix.

    If today's update fixes this, then I think Foxit should make a public announcement on its security page and also notify Secunia, Mr. Micalizzi and other web sites discussing the issues, just to assure users that all is now well again, if they install the update.

    But if today's update does not fix this, at least Foxit should acknowledge that the issue exists (and will be fixed later), so users know not to use the browser plugin until there is a new update for it.

    I do agree that Security holes should usually not be published until the fix has been rolled out to all 130 million users (because bad guys could then use the info to attack those without the fix), but in this case the cat is so obviously out of the bag, that secrecy no longer works, and the best Foxit can do is to acknowledge the issue and tell users what to do.
Working...
X