Freakattack.com reports that firefox is vulnerable on my PC
Reports suggest that Firefox on Windows 7 would not be vulnerable to the 'Freak Attack' but when I test this on freakattack.com https://freakattack.com/clienttest.html it is reporrted as being vulnerable (same with Chrome and IE 11 as it happens). I am running 36.0.
Wybrane rozwiązanie
I am running Avast 2015 Free Antivirus + Windows Firewall. I just tested again with Avast Web Shield disabled - I get an all clear, same with my other browsers. Presumably this is because Avast is using its own certificate to do MITM. Not sure if I should be worried about that.
@John99 The link you gave is a different issue. I am looking at CVE-2015-0204
Przeczytaj tę odpowiedź w całym kontekście 👍 0Wszystkie odpowiedzi (5)
edit should have been link From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0024 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204
From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0029
It would appear this is an Internet Explorer issue af IE6 & IE8
When I visit https://freakattack.com/clienttest.html with Fx36 I get the all clear
Good News! Your browser appears to be safe from the FREAK Attack!
but I am not at the moment using Windows. I will check from Windows and post again if that shows an error; but even if it does; I can not see that it will be an issue, other than a false positive, because Firefox is not listed as vulnerable.
Zmodyfikowany przez John99 w dniu
That Freak Attack test is clear for me with Firefox 28.0 on WinXP.
which security software are you running on the pc?
Wybrane rozwiązanie
I am running Avast 2015 Free Antivirus + Windows Firewall. I just tested again with Avast Web Shield disabled - I get an all clear, same with my other browsers. Presumably this is because Avast is using its own certificate to do MITM. Not sure if I should be worried about that.
@John99 The link you gave is a different issue. I am looking at CVE-2015-0204
Yes, you should be worried because even though Firefox has a secure connection to avast!, avast! has a vulnerable connection to the actual website.
In another thread, a user indicated that avast! has a program update that fixes this issue. https://support.mozilla.org/questions/1050235#answer-699463