Print
Microsoft’s .NET Framework 3.5 Service Pack 1 (SP1) update, which came out last February, seems to have slipped a roofie to both Internet Explorer (IE) and Firefox in the form of a “browse-and-get-owned attack vector.” The issue with Firefox is a point of contention with some users because Microsoft didn't make users aware that Firefox was being modified.
The security weakness was introduced through the Windows Presentation Foundation plug-in, which was installed both in IE and Firefox. According to Annoyances.org, the update made Firefox susceptible to one of IE’s biggest weaknesses: “the ability for websites to easily and quietly install software on your PC.”
Initially, the plug-in couldn’t be removed from Firefox, a problem rectified by a May update to the .NET Framework 3.5 SP1. However, given that Microsoft has revisited the issue in a newly released security bulletin, the problem seems to persist.
If you are a Firefox user and have .NET Framework 3.5 installed you might want to check for the Windows Presentation Foundation plug-in and, if it is present, disable it. Microsoft’s security bulletin provides these instructions: “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.
Image Credit: ktpupp/flickr
Comments are closed on this article
MeTo
October 17, 2009 at 6:46am
I have it and it was automatically disabled. There are day's MS just pisses me off. And MS wonders why Apple keeps gaining market share. 10 years ago Apple had about 5% now i see they have about 10% small gain but it is a gain.
DBsantos77
October 16, 2009 at 10:54pm
Lol about a minute and a half ago I got a dialog to disable it from FireFox.
-Santos
whitneymr
October 16, 2009 at 9:04pm
As I was reading this Firefox popped up a box saying they were disableing them. At least Firefox moved on it.
ghot
October 16, 2009 at 7:54pm
...the Microsoft DRM Plugin while we're at it? LOL?
Take an OS, and edit out all the efficiency, and what you have left is a post-XP Microsoft operating system :)
I Jedi
October 16, 2009 at 6:52pm
It looks as if Mozilla jumped on the issue rather quickly: http://img96.imageshack.us/img96/6305/21321t.png
Blaze589
October 16, 2009 at 5:42pm
It seems that I have that plug in. Thanks for the info as it's now disabled.
jcollins
October 16, 2009 at 3:40pm
I'll have to double check if I have it. I'm guessing not since .Net Framework 3.5 SP1 has been failing to install with an unknown error...
Tekzel
October 16, 2009 at 3:05pm
Well, apparently I have been missing out! I don't seem to have that particular plug-in.
coldroll
October 18, 2009 at 1:50am
I had this plugin on my last vista installation and got alot of viruses in firefox, stupid vista!
