Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Rohkem teavet

Freakattack.com reports that firefox is vulnerable on my PC

more options

Reports suggest that Firefox on Windows 7 would not be vulnerable to the 'Freak Attack' but when I test this on freakattack.com https://freakattack.com/clienttest.html it is reporrted as being vulnerable (same with Chrome and IE 11 as it happens). I am running 36.0.

Reports suggest that Firefox on Windows 7 would not be vulnerable to the 'Freak Attack' but when I test this on freakattack.com https://freakattack.com/clienttest.html it is reporrted as being vulnerable (same with Chrome and IE 11 as it happens). I am running 36.0.
Attached screenshots

Valitud lahendus

I am running Avast 2015 Free Antivirus + Windows Firewall. I just tested again with Avast Web Shield disabled - I get an all clear, same with my other browsers. Presumably this is because Avast is using its own certificate to do MITM. Not sure if I should be worried about that.

@John99 The link you gave is a different issue. I am looking at CVE-2015-0204

Loe vastust kontekstis 👍 0

All Replies (5)

more options

edit should have been link From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0024 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204

From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0029 It would appear this is an Internet Explorer issue af IE6 & IE8

When I visit https://freakattack.com/clienttest.html with Fx36 I get the all clear

Good News! Your browser appears to be safe from the FREAK Attack! 

but I am not at the moment using Windows. I will check from Windows and post again if that shows an error; but even if it does; I can not see that it will be an issue, other than a false positive, because Firefox is not listed as vulnerable.

Muudetud John99 poolt

more options

That Freak Attack test is clear for me with Firefox 28.0 on WinXP.

more options

which security software are you running on the pc?

more options

Valitud lahendus

I am running Avast 2015 Free Antivirus + Windows Firewall. I just tested again with Avast Web Shield disabled - I get an all clear, same with my other browsers. Presumably this is because Avast is using its own certificate to do MITM. Not sure if I should be worried about that.

@John99 The link you gave is a different issue. I am looking at CVE-2015-0204

more options

Yes, you should be worried because even though Firefox has a secure connection to avast!, avast! has a vulnerable connection to the actual website.

In another thread, a user indicated that avast! has a program update that fixes this issue. https://support.mozilla.org/questions/1050235#answer-699463