The Secunia Personal Software Inspector reports that I have a number of “patched” older Java extensions installed in Firefox. Yet, Firefox itself reports only the very latest, Update 20.
I am very diligent about updating Java and did so after reading Susan’s article in the latest issue of WS, without waiting for auto updates to kick in. I have verified that only the very latest version of Java is installed on this XP SP3 desktop. (I am one of those users who was well-aware of the fact that–until recently–older versions had to be removed manually, that updating Java did NOT automatically remove older, insecure versions.)
None of these installations shows up in Control Panel > Add/Remove. Instead they all are located in the following folder: Mozilla FirefoxextensionsObsolete.
These so-called “obsolete” extensions are embodied in sub-directories named: {CAFEEFAC-0016-0000-00??-ABCDEFEDCBA}, where ?? corresponds to the Java Update number.
1. Why is there a folder for “obsolete” Firefox extensions in the first place if there is only one (the most recent) underlying version of Java installed?
2. Does their presence even in an “obsolete” folder pose any kind of security risk?
3. If there is no valid reason for keeping them around, do they have to be uninstalled in some fashion (say by moving them up one folder tier) or can the folders merely be deleted?
4. Is this issue really nothing more than a tempest in a teapot, a misplaced reporting error for Secunia to resolve?
Many thanks for any and all responses.
