InsigtVM agents detects wrong version of Firefox

sbroekhoven · June 1, 2021, 2:19pm

Is there a way do see more evidence about the vulnerabilities found by a Rapid7 agent?

There is a difference in the Rapid7 console, compared to what I can find op the PC.

What Rapid7 insightVM is saying:
Vulnerable software installed: Mozilla Firefox 78.8.0 (C:\Program Files\Mozilla Firefox\firefox.exe)

My computer says:
C:\Program Files\Mozilla Firefox>firefox.exe -v | more
Mozilla Firefox 88.0.1

When I remove Firefox completely, the “problem” is gone. But when I install version 88.0.1 again, it detects both versions again. I search the whole computer, without success for the old version.

In the installed software section are both versions mentioned.

josh_cantrell · June 4, 2021, 7:53pm

Had a similar issue and worked through with support. Turned out to be an orphaned regkey from a roaming profile found here:

HKEY_USERS<sid>\Software\Mozilla\Mozilla Firefox<ver> (x64 en-US)\Main HEKY_USERS<sid>\Software\Mozilla\Mozilla Firefox \bin

Hope that helps,
Josh

sbroekhoven · June 7, 2021, 2:40pm

Thank you! I’ll check it. If this solves my problem. The “proof” is wrong in InsightVM.

sbroekhoven · June 11, 2021, 8:45am

This was actually the solution.

christina_schelin · August 6, 2021, 2:38pm

I wrote a PowerShell script to go update that registry to match the actual installed version, even.