thaimite Posted October 18, 2009 Share Posted October 18, 2009 Sneaky Microsoft plug-in puts Firefox users at risk Patches critical bug, exploitable because of add-on silently slipped into Firefox last February Computerworld - An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week. One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update. Annoyances also said the threat to Firefox users is serious. "This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC," said the hints and tips site. "Since this design flaw is one of the reasons [why] you may have originally chosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste." This week, Microsoft did not revisit the origin of the .NET add-on, but simply told Firefox users that they should uninstall the component if they weren't able to deploy the patches provided in the MS09-054 update. According to Microsoft, the vulnerability is "critical," and also can be exploited against users running any version of IE, including IE8. http://www.computerworld.com/s/article/913...x_users_at_risk I don't know about you guys, but one of the main reasons I use Firefox is to get away from the Micrsoft crap Link to comment Share on other sites More sharing options...
ozsamurai Posted October 18, 2009 Share Posted October 18, 2009 This page lists blocklisted add-ons that should no longer be used with Mozilla products Internet Download Manager, v2.1-3.3 for Firefox 3.0a1 and newer. Reason: caused startup crashes (see bug 382356). Free Download Manager, v1.0-1.3.1 for Firefox 3.0a1 and newer. Reason: high crash volume (see bug 408445). Yahoo Application State Plugin, v1.0.0.5 and older for Firefox 3.0a1 and newer. Reason: high crash volume (see bug 419127). Vietnamese Language Pack, v2.0 for all applications. Reason: corrupted files (see bug 432406). Apple QuickTime Plugin, v7.1.*, for all Firefox 3 versions on Windows. Reason: remote code execution in multiple versions (see bug 430826). Crawler Toolbar, for Firefox 3.0a1 and newer. Reason: high crash volume (see bug 441649). Daemon Tools Toolbar, versions older than 1.0.0.5, for all applications. Reason: high crash volume (see bug 459850). AVG SafeSearch, versions older than 8.0, for Firefox 3.1a1 and newer. Reason: breaks a core navigation method (see bug 479095). Microsoft .NET Framework Assistant and Windows Presentation Foundation, all versions, for all applications. Reason: remote code execution vulnerability (see bug 522777). Link to comment Share on other sites More sharing options...
sammycic Posted October 18, 2009 Share Posted October 18, 2009 was just using firefox and a popup came up saying it had blocked the above. Link to comment Share on other sites More sharing options...
Supernova Posted October 18, 2009 Share Posted October 18, 2009 This flaw has been around for awhile now... Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension Link to comment Share on other sites More sharing options...
MKAsok Posted October 18, 2009 Share Posted October 18, 2009 The latest version of Firefox - Firefox/3.0.14 (.NET CLR 3.5.30729) disables .NET framework (it does tell you first). Link to comment Share on other sites More sharing options...
Supernova Posted October 18, 2009 Share Posted October 18, 2009 ^ ^ Even with it disabled, still presents a security risk. Better to remove ClickOnce extension completely. Link to comment Share on other sites More sharing options...
astral Posted October 18, 2009 Share Posted October 18, 2009 The latest version of Firefox - Firefox/3.0.14 (.NET CLR 3.5.30729) disables .NET framework (it does tell you first). I got that message from FireFox yesterday. Link to comment Share on other sites More sharing options...
PoorSucker Posted October 18, 2009 Share Posted October 18, 2009 Also got the FF message. Thanks to the nice guys at Mozilla. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now