Firefox At Risk Due to Sneaky Microsoft Plug-In
Firefox At Risk Due to Sneaky Microsoft Plug-In
October 16, 2009
" A secret plug-in installed by Microsoft puts Firefox users at risk of a malicious attack.
Remember how Microsoft reacted to Google inserting Chrome into Internet Explorer? The company wasn't happy, essentially telling the search engine giant to "get out." Now it looks as if the pot is calling the kettle black, as the latest Microsoft "Patch Tuesday" reveals that the company silently slipped in a plug-in for Mozilla's Firefox browser called Windows Presentation Foundation.
According to Computerworld, Microsoft's security engineers acknowledged the plug-in earlier this week (obviously), and said that the plug-in was pushed onto consumers through a Windows Update. Thanks to the plug-in, Firefox users were susceptible to an attack vector until it was addressed on Tuesday.
"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," the company said in this security blog. "The reason is that .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox. Via this plug-in it is possible to launch XBAP (XAML Browser Application), and reach this vulnerability, from within Firefox."
The blog describes the attack as a "browse-and-get-owned" scenario. Firefox users need only to be lured to a malicious website set up for the attack. Unfortunately, Firefox users can't simply remove the plug-in: the "Disable" and "Uninstall" buttons are grayed out on all versions of Windows save for Windows 7. "
:source: Source: http://www.tomsguide.com/us/Firefox-...news-4888.html:view: Homepage: http://www.tomsguide.com
Re: Firefox At Risk Due to Sneaky Microsoft Plug-In
I've just disabled it in xp sp3 firefox 3.5.3
Re: Firefox At Risk Due to Sneaky Microsoft Plug-In
Re: Firefox At Risk Due to Sneaky Microsoft Plug-In
Currently, FireFox is marking the plugin for causing issues, and is disabling it by default. Good move by FF.
Re: Firefox At Risk Due to Sneaky Microsoft Plug-In
Firefox should atomatically prompt you to disable them, it did for me :)
Re: Firefox At Risk Due to Sneaky Microsoft Plug-In
Thanks for the heads up! I've disabled this add-on now
Re: Firefox At Risk Due to Sneaky Microsoft Plug-In
those motherfuckers . . . :angry:
*disables plugin :01:
Re: Firefox At Risk Due to Sneaky Microsoft Plug-In
I got a notification from FF this morning. I claim damages against M$ in the amount of $200- now we can call it even on Win7. No hard feelings this time, just don't do it again, Bill!
Re: Firefox At Risk Due to Sneaky Microsoft Plug-In
The same is done by Google and Apple. Try installing Google Earth or iTunes and you'll see new extensions added in Firefox.
Re: Firefox At Risk Due to Sneaky Microsoft Plug-In
yup just got it blocked today...good riddance!