So I had an issue with users getting Firefox installed without having a previous version of Firefox with this .exe. I checked the Files and Registry Settings for detecting the Patch and I can see no detection variables. I have made sure that I selected the .exe before selecting Properties in the Properties for FIREFOX3v3.6_UPGRADE_ENU window. Does anyone know what detection rules are used. I have searched and have been unable to find anything.
They have their vuln logic locked, but you can go to the SQL table and change it to be a custom def (not something for someone to do lighlty), and see what they are looking for.
I have done this recently for another reason and checked just now for you.
Under affected products you will see a list of Firefox versions, when this is a custom def you can "peak" at what this points to.
Here is an example of one of them
firefox logic.jpg 54.1 K