Donate

KeeFox version security warning

All KeeFox users have just received a notification that their version of KeeFox is very old and requires upgrading.

There are no known security faults with previous versions but as I'm sure you can understand, the reason this version warning exists is to remind you that running old unsupported versions does carry an inherently higher risk than staying up to date with the latest version.

The latest version of KeeFox as of 9th January 2015 at 10:00 GMT was 1.4.4. Unfortunately, even users running that most up-to-date version were notified that their version is "very old".

A new version (1.4.5) has been released at 11:00 GMT which fixes the problem that led to this incorrect warning.

I recommend the following action:

Go to your Firefox add-ons tab (in recent versions of Firefox you find this in the main/overflow menu with three horizontal lines).

  • If your version number has a "b" in it, you are using a beta version of KeeFox (thanks!). Please upgrade to 1.4.5b2 (or let the automatic update occur in its own time).
  • If the KeeFox version you have installed is 1.4.3 or lower, you should consider upgrading to the latest version.
  • If the KeeFox version you have installed is 1.4.4 or higher, you do not need to do anything further but you may wish to manually upgrade to 1.4.5. You should do this soon but there are no known security issues with 1.4.4 so if you prefer to wait until Firefox installs the update automatically or until a more convenient time that would be safe.

I'm sorry that this notification has been distributed so widely and can only apologise for any concern or confusion this has caused. As you can see from following the advice above, for the vast majority of users this was a false alarm. I understand how serious such a false warning can be, thank you for treating the warning with the attention it deserved and hope that this one mistake will not discourage you from paying attention to any future security warnings.

This happened because I forgot to update a date in the KeeFox configuration so I will now investigate alternative approaches that are less reliant on my memory. For the time being, users upgrading to KeeFox 1.4.5 will have at least 2 years before this problem occurs again and I'll make sure something is changed before then.

Sorry again if this was an unnecessary interruption for you!


Article categories: [keefox news release security]
Published on: 9 January 2015