Stealthy Microsoft Plug-in Adds Vulnerability to Firefox
Stealthy Microsoft Plug-in Adds Vulnerability to Firefox
Posted 10/16/2009 at 1:17pm
| by Bart Salisbury
11
Comments
Print
Microsoft’s .NET Framework 3.5 Service Pack 1 (SP1) update, which came out last February, seems to have slipped a roofie to both Internet Explorer (IE) and Firefox in the form of a “browse-and-get-owned attack vector.” The issue with Firefox is a point of contention with some users because Microsoft didn't make users aware that Firefox was being modified.
The security weakness was introduced through the Windows Presentation Foundation plug-in, which was installed both in IE and Firefox. According to Annoyances.org, the update made Firefox susceptible to one of IE’s biggest weaknesses: “the ability for websites to easily and quietly install software on your PC.”
Initially, the plug-in couldn’t be removed from Firefox, a problem rectified by a May update to the .NET Framework 3.5 SP1. However, given that Microsoft has revisited the issue in a newly released security bulletin, the problem seems to persist.
If you are a Firefox user and have .NET Framework 3.5 installed you might want to check for the Windows Presentation Foundation plug-in and, if it is present, disable it. Microsoft’s security bulletin provides these instructions: “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.
Image Credit: ktpupp/flickr
More like this
MeTo
October 17, 2009 at 5:46am
I have it and it was automatically disabled. There are day's MS just pisses me off. And MS wonders why Apple keeps gaining market share. 10 years ago Apple had about 5% now i see they have about 10% small gain but it is a gain.
DBsantos77
October 16, 2009 at 9:54pm
Lol about a minute and a half ago I got a dialog to disable it from FireFox.
-Santos
whitneymr
October 16, 2009 at 8:04pm
As I was reading this Firefox popped up a box saying they were disableing them. At least Firefox moved on it.
ghot
October 16, 2009 at 6:54pm
...the Microsoft DRM Plugin while we're at it? LOL?
Take an OS, and edit out all the efficiency, and what you have left is a post-XP Microsoft operating system :)
I Jedi
October 16, 2009 at 5:52pm
It looks as if Mozilla jumped on the issue rather quickly: http://img96.imageshack.us/img96/6305/21321t.png
Blaze589
October 16, 2009 at 4:42pm
It seems that I have that plug in. Thanks for the info as it's now disabled.
jcollins
October 16, 2009 at 2:40pm
I'll have to double check if I have it. I'm guessing not since .Net Framework 3.5 SP1 has been failing to install with an unknown error...
Tekzel
October 16, 2009 at 2:05pm
Well, apparently I have been missing out! I don't seem to have that particular plug-in.
coldroll
October 18, 2009 at 12:50am
I had this plugin on my last vista installation and got alot of viruses in firefox, stupid vista!
Connect with MaximumPC
Featured Content
We introduce Intel's latest class of tablet killers and review 4 of the first Ultra...
Where have all the memorable videogame enemies gone?
This month's issue
Feature
11 Hardware Hacks
Feature
Overclock Your CPU
How-To
Supercharge Your Smartphone
Build It
A Powerful $830 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Multi-Monitor Usage On The Rise http://t.co/eWfJfCEG14 hours 39 min ago
- maximumpc: Windows 8 Consumer Preview Coming On February 29 http://t.co/3Nd04FdR20 hours 27 min ago
- maximumpc: Can RIM *ever* catch a break? Not today! App World numbers not as great as previously reported http://t.co/3ERRhr311 day 16 hours ago
