Firefox updating message misleads users

Over the course of last weekend I was busy setting up some new systems. During that process I came across an old virtual machine that I decided to fire up.

Upon launching Firefox on that machine I was greeted by the following:

Now what’s wrong with this picture? Quite a lot if you take a good look.The issue of course is that Firefox is nowhere near the latest version of Firefox. Even worse, the message is flawed in two ways. Not only are we at Firefox 3.x. but Firefox isn’t even the latest release in the 2.x branch.

So the message is incorrect as regards both major and minor releases. Now one could argue that the auto-update mechanism takes care of this problem. But that can be turned off for a whole variety of reasons. Fact of the matter is that this is plain sloppy on Mozilla’s end.

Sadly, launching such incorrect messages is not particularly a new issue for Mozilla, and in my opinion such carelessness about easy-to-fix issues does not send a good message. Since the page is actually being downloaded from Mozilla’s site, it really shouldn’t be too much work for them to fix.

However when checking the situation for the 3.x branch of Firefox a better result appeared.

This means that the Mozilla guys got around fixing this page for the latest release branch, but forgot about the earlier branch.

Let’s hope that Mozilla gets around to fixing this so that the pages will correctly show if a version is up to date or not. Even if it’s only the older branch being affected. After all, we all know that there are millions of people out there who take forever to update.

Firefox updating message misleads users

Your email address will not be published. Required fields are marked *



Focus on DroxiDat/SystemBC

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.

APT trends report Q2 2023

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Subscribe to our weekly e-mails

The hottest research right in your inbox