Posted 10/19/09 at 10:32:24 AM by Paul Lilly

In a blog post on Friday, Mike Shaver, Mozilla's VP of Engineering, explained why his company had decided to block Microsoft's .NET Framework Assistant add-on to the Firefox browser.

"It's recently surfaced that it has a serious security vulnerability, and Microsoft is recommending that all users disable the add-on," Shaver wrote. "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism."

And so Mozilla did just that, as you may have noticed over the weekend if you're a Firefox user. But as it turns out, the add-on may not be so harmful after all.

"We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we've removed it from the blocklist," Mozilla said.

Mozilla went on to say that the blocklist update propagates to clients, so if the add-on was previously disabled, it should automatically re-enable, though you'll need to restart your browser for it to take effect.

Read More

Posted 10/16/09 at 04:17:22 PM by Bart Salisbury

Microsoft’s .NET Framework 3.5 Service Pack 1 (SP1) update, which came out last February, seems to have slipped a roofie to both Internet Explorer (IE) and Firefox in the form of a “browse-and-get-owned attack vector.” The issue with Firefox is a point of contention with some users because Microsoft never made clear the update would affect Firefox, and users weren’t made aware that Firefox was being modified.

The security weakness was introduced through the Windows Presentation Foundation plug-in, which was installed both in IE and Firefox. According to Annoyances.org, the update made Firefox susceptible to one of IE’s biggest weaknesses: “the ability for websites to easily and quietly install software on your PC.”

Initially, the plug-in couldn’t be removed from Firefox, a problem rectified by a May update to the .NET Framework 3.5 SP1. However, given that Microsoft has revisited the issue in a newly released security bulletin, the problem seems to persist.

If you are a Firefox user and have .NET Framework 3.5 installed you might want to check for the Windows Presentation Foundation plug-in and, if it is present, disable it. Microsoft’s security bulletin provides these instructions: “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.

Read More

Posted 10/29/08 at 02:49:54 PM by Mark Edward Soper

It was called "Project Red Dog" during development, but this week Microsoft revealed its favorite color for its cloud computing development platform is actually blue - Azure, in fact.

Windows Azure Services Platform was introduced at this week's PDC, and includes the following key components, according to eWeek:

• Windows Azure (service hosting, management, low-level scalable storage, computation and networking)
• Microsoft SQL Services (databases and reporting)
• Microsoft .NET Services (.NET Framework workflow, access control, and so forth)
• Live Services (file and media synchronization between PCs, phones, apps and website)
• Microsoft SharePoint Services and CRN Services (business content, collaboration, and rapid solution development)

To learn more about the Azure platform, and what it might mean for the future of Microsoft, join us after the break.

Read More