Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sneaky Microsoft plug-in puts Firefox users at risk


  • Please log in to reply
23 replies to this topic

#1 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:01:12 PM

Posted 17 October 2009 - 01:11 PM

An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week...
This week, Microsoft did not revisit the origin of the .NET add-on, but simply told Firefox users that they should uninstall the component if they weren't able to deploy the patches provided in the MS09-054 update.


the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.


Mozilla added the addon to their default blocklist.

Sources:
http://www.computerworld.com/s/article/913...x_users_at_risk
http://blogs.zdnet.com/security/?p=4614&am...g=trunk;content
https://www.mozilla.com/en-US/blocklist/

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:12 PM

Posted 17 October 2009 - 03:03 PM

To add to what AA posted:

Mozilla now has a site you can check your plugins for security updates. Just click and it is pretty darn fast.
http://www.mozilla.com/en-US/plugincheck/


And This:
To protect users who may not have installed Microsoft's patch, Mozilla is automatically blocking two add-ons: the Microsoft .Net Framework Assistant and a related plugin called the Windows Presentation Foundation. The open-source browser started blocking the software late Friday night.

"Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism," wrote Mozilla Vice President of Engineering Mike Shaver in a blog posting. "Microsoft agreed with the plan, and we put the blocklist entry live immediately."

Buggy plugins are a growing problem, as cyber criminals have increasingly leveraged flaws in products such as Adobe Flash Player and QuickTime to launch browser-based attacks. Earlier this week, Mozilla launched a Plugin Check site where Firefox users can see if their plugins are up-to-date.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 scff249

scff249

    Indecisive Lurker


  • Members
  • 1,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:03:12 PM

Posted 17 October 2009 - 03:05 PM

Idiot Microsoft....were they given permission to put that plug-in into the Firefox Browser? Kinda sounds fishy to me in the fact that there was a problem with it in the first place.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#4 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:01:12 PM

Posted 17 October 2009 - 03:23 PM

Idiot Microsoft....were they given permission to put that plug-in into the Firefox Browser? Kinda sounds fishy to me in the fact that there was a problem with it in the first place.

No. No permission is requested. It's installed automatically when you update the .Net Framework runtime.

#5 tug

tug

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:03:12 PM

Posted 17 October 2009 - 05:03 PM

I wonder why it was blocked if MS patched it which they did on 14-10-09 this tuesday. Though that was a .NET patch and I seem to have WPF which I know is connected to .NET but I do not seem to have the .NET itself.

#6 samuel3

samuel3

  • Members
  • 2,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:12 PM

Posted 17 October 2009 - 08:56 PM

Posted Image

#7 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:01:12 PM

Posted 17 October 2009 - 09:02 PM

samuel3... Windows Genuine Advantage? Really?

#8 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:03:12 PM

Posted 17 October 2009 - 09:47 PM

.NET framework assistant was added to blocklist a long time ago. But after updating Windows with MS hotfixes released on 14th October, Firefox warned about the WPF plugin and disabled it.

See Firefox addons blocklist : https://www.mozilla.com/en-US/blocklist/

#9 tug

tug

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:03:12 PM

Posted 18 October 2009 - 12:02 PM

I don't have the .NET ext anymore just the WPF, I presumed .NET had changed into WPF :thumbsup: I must have been wrong but I never uninstalled it maybe its a vista thing?

#10 samuel3

samuel3

  • Members
  • 2,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:12 PM

Posted 18 October 2009 - 05:19 PM

samuel3... Windows Genuine Advantage? Really?

What about it?

I don't even know what it is lol.

Explain please.

EDIT: If i can no longer use it and its no use - How do i remove it?

Edited by samuel3, 18 October 2009 - 05:22 PM.


#11 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:12 PM

Posted 18 October 2009 - 08:52 PM

Samuel3---see info in link below.
http://www.tipandtrick.net/2008/how-to-uni...checkplugindll/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 samuel3

samuel3

  • Members
  • 2,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:12 PM

Posted 19 October 2009 - 10:27 AM

Ok.. thanks what was it anyway?

And how do i delete the disabled ones in there that are greyed out? I don't need them anymore?

#13 samuel3

samuel3

  • Members
  • 2,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:12 PM

Posted 22 October 2009 - 05:52 PM

Bumping. Anyone know from my question above?

Bumping.

Edited by Amazing Andrew, 24 October 2009 - 07:03 PM.
Mod Edit: Merged, please don't bump; you'll get more responses if you post in one of the help forums


#14 samuel3

samuel3

  • Members
  • 2,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:12 PM

Posted 25 October 2009 - 05:37 PM

Dam, anyone???

#15 samuel3

samuel3

  • Members
  • 2,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:12 PM

Posted 26 October 2009 - 09:02 AM

samuel3... Windows Genuine Advantage? Really?


What about it?


Explain please.

Edited by samuel3, 26 October 2009 - 09:04 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users