Sneaky Microsoft plug-in puts Firefox users at risk

By +Warwagon
in Back Page News

 Share

Recommended Posts

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted
Sneaky Microsoft plug-in puts Firefox users at risk

An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves that browser open to attack, Microsoft's security engineers acknowledged earlier this week.

One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.

"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."

For the rest of the article

http://news.idg.no/cw/art.cfm?id=5CF0A4A7-...45F5A54F2136086

Consider that add-on uninstalled from my system. Idiots.

Experienced

oceanmotion

Posted
Posted

I just got the notice from Firefox today. Said the Microsoft.NET Framework Assistant and Windows Presentation Foundation would cause instability and you know what, I have noticed some hanging the last day or so with Firefox open that I never noticed before. Could be related or maybe not. Will see if the issue pops up again.

Grand Master

Eric Veteran

Posted
  • Veteran
Posted (edited)

How do you remove plugins from the blocklist?

EDIT: Fixed. I had to turn off extensions.blocklist.enabled in about:config and reinstall the framework assistant. (Mozilla removed it from their repository. I found it here: http://mirror.atlanticmetro.net/mozilla/addons/9449/)

Do NOT block things on my computer without permission or a way to re-enable them, Mozilla.

Edited by GreyWolfSC
Grand Master

Ci7

Posted
Posted
Probably.

It was also a .NET Framework 3.5 plugin getting installed on firefox anyway.

pretty much,yes

How do you remove plugins from the blocklist?

EDIT: Fixed. I had to turn off extensions.blocklist.enabled in about:config and reinstall the framework assistant. (Mozilla removed it from their repository. I found it here: http://mirror.atlanticmetro.net/mozilla/addons/9449/)

Do NOT block things on my computer without permission or a way to re-enable them, Mozilla.

your link is broken , remove the ")" from the end of the link

:)

Veteran

Tai

Posted
Posted
I just got the notice from Firefox today. Said the Microsoft.NET Framework Assistant and Windows Presentation Foundation would cause instability and you know what, I have noticed some hanging the last day or so with Firefox open that I never noticed before. Could be related or maybe not. Will see if the issue pops up again.

same here, and also noticed my Firefox hanging recently. I'd prefer no Firefox secret installations from Microsoft if they are reading this ...

Grand Master

Eric Veteran

Posted
  • Veteran
Posted
same here, and also noticed my Firefox hanging recently. I'd prefer no Firefox secret installations from Microsoft if they are reading this ...

It's not a secret Firefox installation. The plug-in is installed as part of the .NET Framework and Firefox picks it up automatically. If anything, we should complain to Mozilla for the browser not asking if the "found" plugin should be added. Their methodology could easily activate a hidden malware plugin the same way.

Grand Master

+BeLGaRaTh Subscriber¹

Posted
  • Subscriber¹
Posted

Strangely this morning when I turned my monitor on (My PC is on constantly) I had a warning from Firefox that it had disabled the Windows Foundation plugin (when checking the plugins it just says "known to cause security issues") and it directed me to the webpage https://en-gb.www.mozilla.com/en-GB/blocklist/

Grand Master

goji

Posted
Posted
I just got the notice from Firefox today. Said the Microsoft.NET Framework Assistant and Windows Presentation Foundation would cause instability and you know what, I have noticed some hanging the last day or so with Firefox open that I never noticed before. Could be related or maybe not. Will see if the issue pops up again.

I got the message yesterday as well, right before firefox crashed on me. :no:

Grand Master

Eric Veteran

Posted
  • Veteran
Posted
Mozilla is in your browser, disabling your addons ;)

screw that sh*t

its been all over the net how to disable/remove this Microsoft addon long before they enabled the option

i do not need Mozilla looking out for me

That's what I'm sayin'. I bet Mozilla wouldn't have liked it if Microsoft had uninstalled and blacklisted Firefox due to the crypto spoofing flaw.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.