InsigtVM agents detects wrong version of Firefox

Is there a way do see more evidence about the vulnerabilities found by a Rapid7 agent?

There is a difference in the Rapid7 console, compared to what I can find op the PC.

What Rapid7 insightVM is saying:
Vulnerable software installed: Mozilla Firefox 78.8.0 (C:\Program Files\Mozilla Firefox\firefox.exe)

My computer says:
C:\Program Files\Mozilla Firefox>firefox.exe -v | more
Mozilla Firefox 88.0.1

When I remove Firefox completely, the “problem” is gone. But when I install version 88.0.1 again, it detects both versions again. I search the whole computer, without success for the old version.

In the installed software section are both versions mentioned.

Had a similar issue and worked through with support. Turned out to be an orphaned regkey from a roaming profile found here:

HKEY_USERS<sid>\Software\Mozilla\Mozilla Firefox<ver> (x64 en-US)\Main HEKY_USERS<sid>\Software\Mozilla\Mozilla Firefox \bin

Hope that helps,

Thank you! I’ll check it. If this solves my problem. The “proof” is wrong in InsightVM.

This was actually the solution.

I wrote a PowerShell script to go update that registry to match the actual installed version, even.