M$ FF .NET sneak causes security breach

[jee]

Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?

Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.

Now, Microsoft’s security folks are actually recommending that Firefox users uninstall the buggy add-on:

For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.

http://blogs.zdnet.com/security/?p=4614&tag=nl.e589

[WiK1d]

Oooh, so this is what the popup I got yesterday is about. Firefox automatically asked if I wanted to disable it, and I was like, uh, okay..

[SykomantiS]

Oooh, so this is what the popup I got yesterday is about. Firefox automatically asked if I wanted to disable it, and I was like, uh, okay..

++ Last night FF asked me if I want to disable the callamawatchit. Haven't had a problem since.

[jee]

yeah, fortunately FF is on the ball

[DarkStar]

Firefox didn't even ask me. I just checked now and it was disabled

[StarBound]

Yeah FF was screaming at me this morning too.

[Prime]

And I use Opera 10

[Stuart]

I had to disable mine manually.

[Monty]

And I use Opera 10

Poor Prime. We'll pray for you and hope you see the light that is FireFox.

[Prime]

And I use Opera 10

Poor Prime. We'll pray for you and hope you see the light that is FireFox.

The lightening while strike you the day you pray

[DarkStar]

I tried Opera 10 once, but was put off it as there was no simple and obvious way to transfer all my Firefox settings.

[Monty]

And I use Opera 10

Poor Prime. We'll pray for you and hope you see the light that is FireFox.

The lightening while strike you the day you pray

Sweet! I've got my radioactive spider and kryptonite ready for it!

[rustypup]

<ridiculously off-topic>

but was put off it as there was no simple and obvious way to transfer all my Firefox settings.

this is either the most profound, or most twilight-fan'ish, reason ever presented... i'm guessing the File->Import and Export option was somehow missing from the menu?
</ridiculously off-topic>

this is pretty much SOP for microsoft.... :/

[hamin_aus]

Brilliant move by Microsoft IMO.
We'll prove FF isn't as secure as people think by releasing a "plug-in" that creates a vulnerability on ti.

Genius!

Shame on the whistle-blower who let everyone in on this...

[Ron2K]

And I use Opera 10

This isn't a Firefox vs Opera debate, please don't turn it into one.

In any case, the fault here lies with Microsoft. One would expect a major software company not to release this kind of thing, but no. What makes it worse is the fact that it affects a product that's a major threat to their browser dominance - one wonders if this is a new mutation on their "Embrace, extend, extinguish" strategy? (Wiki link for those who don't know about that.)

[Ron2K]

Update on this one: Microsoft and Mozilla have been working on the issue, with the result that the plugin has now been unblocked. See this blog post for more info.