Firefox At Risk Due to Sneaky Microsoft Plug-In
October 16, 2009
" A secret plug-in installed by Microsoft puts Firefox users at risk of a malicious attack.
Remember how Microsoft reacted to Google inserting Chrome into Internet Explorer? The company wasn't happy, essentially telling the search engine giant to "get out." Now it looks as if the pot is calling the kettle black, as the latest Microsoft "Patch Tuesday" reveals that the company silently slipped in a plug-in for Mozilla's Firefox browser called Windows Presentation Foundation.
According to Computerworld, Microsoft's security engineers acknowledged the plug-in earlier this week (obviously), and said that the plug-in was pushed onto consumers through a Windows Update. Thanks to the plug-in, Firefox users were susceptible to an attack vector until it was addressed on Tuesday.
"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," the company said in this security blog. "The reason is that .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox. Via this plug-in it is possible to launch XBAP (XAML Browser Application), and reach this vulnerability, from within Firefox."
The blog describes the attack as a "browse-and-get-owned" scenario. Firefox users need only to be lured to a malicious website set up for the attack. Unfortunately, Firefox users can't simply remove the plug-in: the "Disable" and "Uninstall" buttons are grayed out on all versions of Windows save for Windows 7. "
Source: http://www.tomsguide.com/us/Firefox-...news-4888.html Homepage: http://www.tomsguide.com