Stealthy Microsoft Plug-in Adds Vulnerability to Firefox
Posted 10/16/09 at 04:17:22 PM by Bart Salisbury
Comments
Print
Email
Microsoft’s .NET Framework 3.5 Service Pack 1 (SP1) update, which came out last February, seems to have slipped a roofie to both Internet Explorer (IE) and Firefox in the form of a “browse-and-get-owned attack vector.” The issue with Firefox is a point of contention with some users because Microsoft didn't make users aware that Firefox was being modified.
The security weakness was introduced through the Windows Presentation Foundation plug-in, which was installed both in IE and Firefox. According to Annoyances.org, the update made Firefox susceptible to one of IE’s biggest weaknesses: “the ability for websites to easily and quietly install software on your PC.”
Initially, the plug-in couldn’t be removed from Firefox, a problem rectified by a May update to the .NET Framework 3.5 SP1. However, given that Microsoft has revisited the issue in a newly released security bulletin, the problem seems to persist.
If you are a Firefox user and have .NET Framework 3.5 installed you might want to check for the Windows Presentation Foundation plug-in and, if it is present, disable it. Microsoft’s security bulletin provides these instructions: “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.
Image Credit: ktpupp/flickr
I keep telling my mom but
Submitted by ready4war on Sat, 10/24/2009 - 1:24pm
I keep telling my mom but SHE DOnt CAre!!!!!!!!!!!!!!!!!!!
Submitted by MeTo on Sat, 10/17/2009 - 5:46am
I have it and it was automatically disabled. There are day's MS just pisses me off. And MS wonders why Apple keeps gaining market share. 10 years ago Apple had about 5% now i see they have about 10% small gain but it is a gain.
Lol about a minute and a
Submitted by DBsantos77 on Fri, 10/16/2009 - 9:54pm
Lol about a minute and a half ago I got a dialog to disable it from FireFox.
-Santos
As I was reading this
Submitted by whitneymr on Fri, 10/16/2009 - 8:04pm
As I was reading this Firefox popped up a box saying they were disableing them. At least Firefox moved on it.
Should we also Disable....
Submitted by ghot on Fri, 10/16/2009 - 6:54pm
...the Microsoft DRM Plugin while we're at it? LOL?
Take an OS, and edit out all the efficiency, and what you have left is a post-XP Microsoft operating system :)
It looks as if Mozilla
Submitted by I Jedi on Fri, 10/16/2009 - 5:52pm
It looks as if Mozilla jumped on the issue rather quickly: http://img96.imageshack.us/img96/6305/21321t.png
It seems that I have that
Submitted by Blaze589 on Fri, 10/16/2009 - 4:42pm
It seems that I have that plug in. Thanks for the info as it's now disabled.
Submitted by I Jedi on Fri, 10/16/2009 - 3:47pm
Fuck me... I have .NET SP1
I'll have to double check if
Submitted by jcollins on Fri, 10/16/2009 - 2:40pm
I'll have to double check if I have it. I'm guessing not since .Net Framework 3.5 SP1 has been failing to install with an unknown error...
Well, apparently I have been
Submitted by Tekzel on Fri, 10/16/2009 - 2:05pm
Well, apparently I have been missing out! I don't seem to have that particular plug-in.
Must Read Articles
Feature
Review
Feature
Feature
Feature
Most Popular Articles
This Month's Issue
FEATURE How to Get FREE Programs, Services, Software & MoreFEATURE Digital Photo Printer RoundupHOW TOBuild a 3D CameraFEATUREDIY Arcade PCWHITE PAPERHow TRIM Works
Technology News
Computer Cooling Fans
Computer Cases
PC Game Controllers
PC Games
Computer Hardware
Headphones
MP3 Players
Stream Video
Computer Mouse
Monitors
Motherboards
NAS Storage
Networking
Laptop Computers
DVD Burner
Digital Cameras
Portable Storage
Computer Accessories
Smartphone
Antivirus Software
Sound Cards
Speakers
Computer Systems
Thumb Drives
Video Cameras
Video Card Reviews
Water Cooling
Gadgets
- Keyboards
© 2009 Future US, Inc. All Rights Reserved.