http://media.bestofmicro.com/firefox,I-E-227462-1.pngFirefox At Risk Due to Sneaky Microsoft Plug-In
October 16, 2009

" A secret plug-in installed by Microsoft puts Firefox users at risk of a malicious attack.

Remember how Microsoft reacted to Google inserting Chrome into Internet Explorer? The company wasn't happy, essentially telling the search engine giant to "get out." Now it looks as if the pot is calling the kettle black, as the latest Microsoft "Patch Tuesday" reveals that the company silently slipped in a plug-in for Mozilla's Firefox browser called Windows Presentation Foundation.

According to Computerworld, Microsoft's security engineers acknowledged the plug-in earlier this week (obviously), and said that the plug-in was pushed onto consumers through a Windows Update. Thanks to the plug-in, Firefox users were susceptible to an attack vector until it was addressed on Tuesday.

"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," the company said in this security blog. "The reason is that .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox. Via this plug-in it is possible to launch XBAP (XAML Browser Application), and reach this vulnerability, from within Firefox."

The blog describes the attack as a "browse-and-get-owned" scenario. Firefox users need only to be lured to a malicious website set up for the attack. Unfortunately, Firefox users can't simply remove the plug-in: the "Disable" and "Uninstall" buttons are grayed out on all versions of Windows save for Windows 7. "

:source: Source: http://www.tomsguide.com/us/Firefox-Microsoft-Mozilla-Browser-Plug-In,news-4888.html:view: Homepage: http://www.tomsguide.com

I've just disabled it in xp sp3 firefox 3.5.3

thanks bro.

Currently, FireFox is marking the plugin for causing issues, and is disabling it by default. Good move by FF.

Firefox should atomatically prompt you to disable them, it did for me :)

Thanks for the heads up! I've disabled this add-on now

those motherfuckers . . . :angry:

*disables plugin :01:

I got a notification from FF this morning. I claim damages against M$ in the amount of $200- now we can call it even on Win7. No hard feelings this time, just don't do it again, Bill!

The same is done by Google and Apple. Try installing Google Earth or iTunes and you'll see new extensions added in Firefox.

yup just got it blocked today...good riddance!

I discovered today that it can indeed be uninstalled if your not afraid of the registry. Although MS has issued a patch that supposedly removes the vulnerability,and Firefox is supposed to have consented to remove it from their blocklist, I don't want the thing on my PC. Here are two pages, one MS itself, on how to remove the plugin. I prefer the anoyances version since they don't use the commandline to open Windows Explorer and MS seems to want to diswade people from removing it by being vague in their instructions.


http://support.microsoft.com/kb/963707

http://www.annoyances.org/exec/show/article08-600

What does the plugin actually do?
I have it disabled. I'll just leave it disabled, no need to uninstall, unless it starts enabling itself. :fear:

Microsoft just can't admit their browser isn't as good!

This is old actually, there was a report on this sometime ago, don't worry though, Firefox will automatically disable it though.