Module 7: Observing Vulnerabilities in Deprecated Software

Step 1: Download and Install an Old Version of Firefox on the Virtual Machine

1. Access the Virtual Machine:

   • Open VMware Workstation Player and launch the Windows 11 virtual machine.

   • Ensure you are working within the virtual machine to avoid installing deprecated software on your host system.

2. Download an Old Version of Firefox:

   • Open Microsoft Edge (or another browser) within the virtual machine.

   • Search for "Download old version of Firefox 36.12" or visit a website that archives old Firefox versions.

   • Navigate through the list of archived versions and select Firefox version 36.12 (or any older version suitable for testing).

   • Download the installer for Firefox 36.12 in the virtual machine.

3. Install Firefox 36.12:

   • Once the installer downloads, open it to begin installation.

   • Follow the installation prompts:

     • Select Next and choose Standard Installation.

     • Click Install and wait for Firefox to install.

     • Launch Firefox upon completion to confirm it is installed, then close it.

Step 2: Run a New Credentialed Scan in Nessus Essentials

1. Access Nessus Essentials:

   • Open Nessus Essentials on your host computer by navigating to https://localhost:8834 in your browser.

2. Launch a New Scan:

   • Go to the Scans section in Nessus.

   • Locate the existing scan configured for the Windows 11 virtual machine and click Launch to start a new scan.

3. Scan Configuration:

   • Since you already configured credentials, this scan will be able to inspect deeper aspects of the VM, such as the registry, services, file system, and any installed applications, including the deprecated version of Firefox.

4. Monitor the Scan:

   • The scan may take a few minutes. Nessus will analyze the VM and log findings as it detects vulnerabilities.

Step 3: Review and Compare Scan Results

1. View Completed Scan Results:

   • Once the scan finishes, click on the scan to review the results.

   • You should notice an increase in the number of detected vulnerabilities due to the deprecated Firefox installation.

2. Check Vulnerability Severity:

   • Go to the Vulnerabilities tab. Here, you’ll see critical, high, medium, and low vulnerabilities.

   • You should see that the old version of Firefox is flagged with numerous critical vulnerabilities due to its outdated and insecure nature.

3. View Historical Trends:

   • Click on History to compare this scan with previous scans.

     • First Scan: Without credentials, showing limited findings.

     • Second Scan: With credentials, showing more in-depth results, including some critical issues.

     • Current Scan: With deprecated Firefox installed, significantly more critical vulnerabilities are present.

4. Analyze Findings in the Vulnerabilities Tab:

   • In the Vulnerabilities tab, locate Firefox-related vulnerabilities. You should see a high count of critical issues tied to the old Firefox version.

   • Click on the top vulnerability listing for Firefox to see more details. Nessus will show the list of detected issues with explanations and potential impacts.

5. Review Recommended Remediations:

   • Go to the Remediations tab. Nessus will list high-level solutions to address these vulnerabilities.

   • At the top, you should see a recommendation to upgrade Firefox to the latest version or uninstall it to resolve the vulnerabilities associated with Firefox 36.12.

6. View VPR Top Threats:

   • In the VPR Top Threats tab, you’ll find prioritized vulnerabilities based on risk and impact. Firefox-related vulnerabilities should appear at the top due to their high severity.