Sneaky Microsoft plug-in puts Firefox users at risk

By +Warwagon
in Back Page News

 Share

Recommended Posts

Grand Master

ichi

Posted
Posted
It's not a secret Firefox installation. The plug-in is installed as part of the .NET Framework and Firefox picks it up automatically. If anything, we should complain to Mozilla for the browser not asking if the "found" plugin should be added. Their methodology could easily activate a hidden malware plugin the same way.

The installer could bypass any checking done by firefox anyway, there's really not much point in implementing such thing.

Experienced

ilev

Posted
Posted
That's what I'm sayin'. I bet Mozilla wouldn't have liked it if Microsoft had uninstalled and blacklisted Firefox due to the crypto spoofing flaw.

You are forgetting one thing. Windows OS is not your even after you've paid for it. You just bought the right to use it, like a lease.It is Microsoft's which controls the OS completely and has the right to wipe the OS, stop it from running, install what ever Microsoft want.... and there is nothing you can do about it apart from formating and moving to free OS, like Linux.....

Mentor

franzon

Posted
Posted (edited)

"This was obviously pushed through just to make some anti-microsoftie's pud hard.

This vulnerability is completely fixed, as much as anyone can know for now in the latest updates. see http://blogs.technet.com/srd/archive/2009/...2/ms09-054.aspx

Yes, there may still be a "potential vulnerability" but that is true for every single plugin/addin and firefox itself.

Thanks for disabling something that we were already protected from that we use in line of business applications. :rolleyes:

I guess our decision to move to firefox company wide was a mistake and we'll have to push out a script to set everyone back to IE as the default browser before Monday if this isn't recalled ASAP."

https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c65

Edited by franzon
Grand Master

episode

Posted
Posted
You are forgetting one thing. Windows OS is not your even after you've paid for it. You just bought the right to use it, like a lease.It is Microsoft's which controls the OS completely and has the right to wipe the OS, stop it from running, install what ever Microsoft want.... and there is nothing you can do about it apart from formating and moving to free OS, like Linux.....

None of this is accurate.

Yes, you are only licensing the software. However, you have the right to use your license as purchased, and they can't just 'stop it from running'.

Grand Master

Eric Veteran

Posted
  • Veteran
Posted
"This was obviously pushed through just to make some anti-microsoftie's pud hard.

This vulnerability is completely fixed, as much as anyone can know for now in the latest updates. see http://blogs.technet.com/srd/archive/2009/...2/ms09-054.aspx

Yes, there may still be a "potential vulnerability" but that is true for every single plugin/addin and firefox itself.

Thanks for disabling something that we were already protected from that we use in line of business applications. :rolleyes:

I guess our decision to move to firefox company wide was a mistake and we'll have to push out a script to set everyone back to IE as the default browser before Monday if this isn't recalled ASAP."

https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c65

They're really catching the crap for it now... :p

Mentor

arrrgh

Posted
Posted

Yeah, that one guy on the internets is totally owning Mozilla!

Considering Microsoft agrees with the blacklist, I doubt any reasonable person has a problem with this.

I spoke on the phone with the responsible director at Microsoft on Friday, and

she agreed that the blocklist was the right approach. We can evaluate changes

to the blocklist in the future, and updates take effect quite quickly, but

right now both Microsoft and Mozilla are in agreement that this is the best way

to protect our mutual users.

https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c56

Grand Master

Subject Delta

Posted
Posted

Gotta love how the FF devs have gotten on their high horse about this, and gone off after Microsoft with their usual Inane banter.

Although I agree that Microsoft should make the installation Optional, it has also highlighted the need for Mozilla to have a rethink of the security within their browser, and other browser vendors as well, the fact that unsigned plugins can install themselves and be activated no questions asked is worrying

Contributor

Ash_09

Posted
Posted

i know this may sound stupid , but is this anything to do with firefox throwing a random error box up at me an hour or so ago saying a couple of add-ons may cause conflicts ? i followed the link from the pop up and even tho it was the firefox google page it said invalid security certificate , but going to the same page from my normal firefox window worked without issue .

Grand Master

Eric Veteran

Posted
  • Veteran
Posted
so was it this add on that was causing the memory leaks?

No. The Framework Asssistant doesn't do anything except add the MIME type for .NET ClickOnce applications to Firefox so Windows can open them. I'm assuming the WPF one allows WPF applications to run on Firefox in much the same way.

Grand Master

Eric Veteran

Posted
  • Veteran
Posted
Stop whining, its actually a good thing Mozilla was able to block this application without any user intervention, especially those who do not read up on current security exploits.

As I said before, it's understandable there was a security issue, but I doubt Mozilla would have appreciated Microsoft uninstalling and blocking Firefox due to its security issues. You don't just remove another company's products from a user's computer without providing explicit information why and an opt-out.

What irritates me is that it didn't have an option to leave them anyway and it didn't have a link to the patch KB article so people could just make sure they were updated rather than banning two addons that could potentially cost corporate users tens of thousands of dollars in support Monday morning.

Grand Master

Ci7

Posted
Posted
As I said before, it's understandable there was a security issue, but I doubt Mozilla would have appreciated Microsoft uninstalling and blocking Firefox due to its security issues. You don't just remove another company's products from a user's computer without providing explicit information why and an opt-out.

What irritates me is that it didn't have an option to leave them anyway and it didn't have a link to the patch KB article so people could just make sure they were updated rather than banning two addons that could potentially cost corporate users tens of thousands of dollars in support Monday morning.

+1

it really F***ing annoy me ,for one side action

if they try to pi$$ me off again , then Bye bye FireFox . Back to IE!

Grand Master

Ci7

Posted
Posted
One side? They asked Microsoft and they themselves recommended blacklisting the plugin. I don't know where you guys keep pulling this crap.

cause Mozilla didn't ask for my consent to disable the plugin duh!

Mentor

arrrgh

Posted
Posted
cause Mozilla didn't ask for my consent to disable the plugin duh!

ah, my bad. I thought you meant one sided in the sense that Mozilla disabled something that belongs to Microsoft behind their back.

"Soft blocks" (where in cases like this Firefox would pop up a warning dialog but wouldn't disable the extension/plugin) have actually been already checked in but the server side functionality hasn't been enabled yet so it couldn't be used in this case. Hopefully this incident gets them wrap up the server side support quickly.

Related bugs:

https://bugzilla.mozilla.org/show_bug.cgi?id=455906

https://bugzilla.mozilla.org/show_bug.cgi?id=462433

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted
+1

if they try to pi$$ me off again , then Bye bye FireFox . Back to IE!

:laugh:

Oh yes, go to go back to a more unsecure browser just because mozilla blocks an extension. Boo Hoo.

on the same note, Microsoft ****es me off for automatically installing this extension. But I'm not going to boycott the .net framework or windows because of it.

cause Mozilla didn't ask for my consent to disable the plugin duh!

I don't remember Microsoft Asking for consent to install the plugin in the first place.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.