Sneaky Microsoft plug-in puts Firefox users at risk

By +Warwagon
in Back Page News

 Share

Recommended Posts

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted
Sneaky Microsoft plug-in puts Firefox users at risk

An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves that browser open to attack, Microsoft's security engineers acknowledged earlier this week.

One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.

"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."

For the rest of the article

http://news.idg.no/cw/art.cfm?id=5CF0A4A7-...45F5A54F2136086

Consider that add-on uninstalled from my system. Idiots.

Experienced

oceanmotion

Posted
Posted

I just got the notice from Firefox today. Said the Microsoft.NET Framework Assistant and Windows Presentation Foundation would cause instability and you know what, I have noticed some hanging the last day or so with Firefox open that I never noticed before. Could be related or maybe not. Will see if the issue pops up again.

Grand Master

Eric Veteran

Posted
  • Veteran
Posted (edited)

How do you remove plugins from the blocklist?

EDIT: Fixed. I had to turn off extensions.blocklist.enabled in about:config and reinstall the framework assistant. (Mozilla removed it from their repository. I found it here: http://mirror.atlanticmetro.net/mozilla/addons/9449/)

Do NOT block things on my computer without permission or a way to re-enable them, Mozilla.

Edited by GreyWolfSC
Grand Master

Ci7

Posted
Posted
Probably.

It was also a .NET Framework 3.5 plugin getting installed on firefox anyway.

pretty much,yes

How do you remove plugins from the blocklist?

EDIT: Fixed. I had to turn off extensions.blocklist.enabled in about:config and reinstall the framework assistant. (Mozilla removed it from their repository. I found it here: http://mirror.atlanticmetro.net/mozilla/addons/9449/)

Do NOT block things on my computer without permission or a way to re-enable them, Mozilla.

your link is broken , remove the ")" from the end of the link

:)

Veteran

Tai

Posted
Posted
I just got the notice from Firefox today. Said the Microsoft.NET Framework Assistant and Windows Presentation Foundation would cause instability and you know what, I have noticed some hanging the last day or so with Firefox open that I never noticed before. Could be related or maybe not. Will see if the issue pops up again.

same here, and also noticed my Firefox hanging recently. I'd prefer no Firefox secret installations from Microsoft if they are reading this ...

Grand Master

Eric Veteran

Posted
  • Veteran
Posted
same here, and also noticed my Firefox hanging recently. I'd prefer no Firefox secret installations from Microsoft if they are reading this ...

It's not a secret Firefox installation. The plug-in is installed as part of the .NET Framework and Firefox picks it up automatically. If anything, we should complain to Mozilla for the browser not asking if the "found" plugin should be added. Their methodology could easily activate a hidden malware plugin the same way.

Grand Master

+BeLGaRaTh Subscriber¹

Posted
  • Subscriber¹
Posted

Strangely this morning when I turned my monitor on (My PC is on constantly) I had a warning from Firefox that it had disabled the Windows Foundation plugin (when checking the plugins it just says "known to cause security issues") and it directed me to the webpage https://en-gb.www.mozilla.com/en-GB/blocklist/

Grand Master

goji

Posted
Posted
I just got the notice from Firefox today. Said the Microsoft.NET Framework Assistant and Windows Presentation Foundation would cause instability and you know what, I have noticed some hanging the last day or so with Firefox open that I never noticed before. Could be related or maybe not. Will see if the issue pops up again.

I got the message yesterday as well, right before firefox crashed on me. :no:

Grand Master

Eric Veteran

Posted
  • Veteran
Posted
Mozilla is in your browser, disabling your addons ;)

screw that sh*t

its been all over the net how to disable/remove this Microsoft addon long before they enabled the option

i do not need Mozilla looking out for me

That's what I'm sayin'. I bet Mozilla wouldn't have liked it if Microsoft had uninstalled and blacklisted Firefox due to the crypto spoofing flaw.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • EA launches in-game advertising platform for brands to "connect with audiences"

      By Big John Studd · Posted

      Yeah, this is absolutely nothing new and EA have done it before. Burnout Paradise, released in 2008, had dynamic advertising billboards that were updated via the internet and targeted people based on location and what EA knew about them from their profile. It was particularly notable for the fact that the Obama presidential campaign ran ads in the game, in an attempt to reach a younger audience who didn't watch broadcast TV any more. It was by no means the first though. Battlefield 2142 from 2006 had the same thing. In fact, Neowin wrote a story about it back then. https://www.neowin.net/news/ba...-in-game-ads-clarification/
    • Apple MacBook Neo is a blessing for Windows users, here's why

      By Kravex · Posted

      This is obviously aimed at the education where Apple has lost so much ground to Chromebooks in the last few years, but unless they come up with a comparable management system for education why would anyone switch back?
    • Samsung is shutting down yet another app used by millions

      By David Uzondu · Posted

      Here's how we arrived at that claim: Note that this is just Play Store downloads. The app is also available on the Galaxy App Store
    • Samsung is shutting down yet another app used by millions

      By +Edouard · Posted

      Google Play states the app had more than 50 million downloads. What other metric do you suggest should be used?
    • what other retro software do yall use

      By +InsaneNutter · Posted

      MSN defined our generation in some ways, kind of like Snapchat and TikTok have done for future generations. I have great memories of the MSN era in the late 90s / early 2000s. In the UK everyone seemed to come home from School and go on MSN for the evening. We didn't really have mobile phones then, so other than going and knocking on your friends door it was a totally new way of interacting with people. I also loved how I could talk to people I’d met playing online games from around the world. Inviting people to NetMeeting and messing about with the shared white board and webcams was pretty fun, even if webcams only ran at a couple of fps over dial-up. All the random things you could do with MsgPlus! were really fun - I suspect that made a few people jump with /shello randomly blasting Mr Hankey out their speakers! Maybe I’m just nostalgic, however I do feel the internet and computers were more fun back then.

  • Recent Achievements

    • One Year In
      Console General earned a badge
      One Year In
    • One Year In
      Twozo Technologies earned a badge
      One Year In
    • One Month Later
      Twozo Technologies earned a badge
      One Month Later
    • Week One Done
      Twozo Technologies earned a badge
      Week One Done
    • Veteran
      branfont went up a rank
      Veteran

  • Popular Contributors

    1. 1
      +primortal
      532
    2. 2
      +Edouard
      206
    3. 3
      PsYcHoKiLLa
      130
    4. 4
      Steven P.
      90
    5. 5
      neufuse
      74
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!