Jump to content

Recommended Posts

Hello everyone

My Nebula console is reporting four Firefox (high) vulnerybilities CVE-2024-9680/9936/10458/10459, on Windows Server 2022. "Remediation: Update Mozilla Firefox to at least 132.0". Actual Firefox version is 133.0, but the version reported by Vulnerabilities page is 130.0. Reruning "Scan Inventory & Vulnerability" does not change this. Noteworthy, agents on Windows 10/11 endpoints do not report this vulnerability having the same Firefox version

If I choose Action -> Update Software, agent installs v132.0.1, which is, of course, immediately overrun by Firefox internal update which re-updates to the newest version. This was also happening while 132.0.2 was current (I kind of hoped v133.0 will be properly identified, but it is not)

Machine in question is Dell PowerEdge server with fully updated Windows Server 2022 OS and up-to-date ThreatDown Endpoint (for Win Server).
This is not a big deal, I know Firefox is mis-identified and therefore these High Vulnerabilities are reported, but it kind of bugs me. I'm trying to, at least get rid of all Critical/High notifications for vulnerabilities/patches.

Is there a way to get rid of this?
Enyone else seeing this as well?


Regards

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.