Freakattack.com reports that firefox is vulnerable on my PC
Reports suggest that Firefox on Windows 7 would not be vulnerable to the 'Freak Attack' but when I test this on freakattack.com https://freakattack.com/clienttest.html it is reporrted as being vulnerable (same with Chrome and IE 11 as it happens). I am running 36.0.
Gekozen oplossing
I am running Avast 2015 Free Antivirus + Windows Firewall. I just tested again with Avast Web Shield disabled - I get an all clear, same with my other browsers. Presumably this is because Avast is using its own certificate to do MITM. Not sure if I should be worried about that.
@John99 The link you gave is a different issue. I am looking at CVE-2015-0204
Dit antwoord in context lezen 👍 0Alle antwoorden (5)
edit should have been link From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0024 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204
From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0029
It would appear this is an Internet Explorer issue af IE6 & IE8
When I visit https://freakattack.com/clienttest.html with Fx36 I get the all clear
Good News! Your browser appears to be safe from the FREAK Attack!
but I am not at the moment using Windows. I will check from Windows and post again if that shows an error; but even if it does; I can not see that it will be an issue, other than a false positive, because Firefox is not listed as vulnerable.
Bewerkt door John99 op
That Freak Attack test is clear for me with Firefox 28.0 on WinXP.
which security software are you running on the pc?
Gekozen oplossing
I am running Avast 2015 Free Antivirus + Windows Firewall. I just tested again with Avast Web Shield disabled - I get an all clear, same with my other browsers. Presumably this is because Avast is using its own certificate to do MITM. Not sure if I should be worried about that.
@John99 The link you gave is a different issue. I am looking at CVE-2015-0204
Yes, you should be worried because even though Firefox has a secure connection to avast!, avast! has a vulnerable connection to the actual website.
In another thread, a user indicated that avast! has a program update that fixes this issue. https://support.mozilla.org/questions/1050235#answer-699463