Mozilla developers have blocked a Firefox plugin that was quietly pushed out by Microsoft, saying that it presents a security risk.

Microsoft shipped the Firefox add-on as part of a .Net software update last February, causing outrage among some Firefox users, who complained that the software was sneaked onto their systems without their knowledge or approval and was extremely difficult to remove.

On Tuesday, Microsoft warned that Firefox users who have not applied a recent Internet Explorer patch were vulnerable to a "browse-and-get-owned attack" because of a bug in the Microsoft .Net Framework Assistant add-on.

"All that is needed is for a user to be lured to a malicious website," Microsoft said. Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application).

The flaw is a nasty one, but users who have installed the MS09-054 IE update, released Tuesday are protected from this attack, "regardless of the attack vector," Microsoft said.

To protect users who may not have installed Microsoft's patch, Mozilla is automatically blocking two add-ons: the Microsoft .Net Framework Assistant and a related plugin called the Windows Presentation Foundation. The open-source browser started blocking the software late Friday night.

More: http://pcworld.com/article/173858/

__________________
__________________
Check us out on Facebook!

Useful Guides: Networking 101 Security 101 Disable Real Time Monitoring Virus/Malware Preliminary Removal Instructions

I read about this in one of my newsletters. I still don't understand how Microsoft can complain about a Firefox plugin and then worse, send an update for the Firefox browser!

Do I have that right? since when is MS concerned about Mozilla?

__________________
wave:Computer Support and Help
Virus & Malware Removal
Tutorials on "How To...."
Stop Nuisance Startups

In my opinion it definitely seems suspect that they released a firefox plugin that presented a security risk. Not to mention the fact they shipped the Firefox add-on as part of a .Net software update, instead of giving it's own update with proper name.

__________________
__________________
Check us out on Facebook!

Useful Guides: Networking 101 Security 101 Disable Real Time Monitoring Virus/Malware Preliminary Removal Instructions

Seems they have changed their mind over the matter...

http://www.computerworld.com/s/artic...ity_2009-10-20

__________________

I think Mike Shaver was right to be on the careful side

"Microsoft maintained that Firefox users who applied the patches would be safe from attack, but Mozilla felt that was not enough. Friday, Shaver cited the severity of the vulnerability and the difficulty some users have had in removing Microsoft's software as Mozilla's reasons for engaging the blocking list."

__________________
__________________
Check us out on Facebook!

Useful Guides: Networking 101 Security 101 Disable Real Time Monitoring Virus/Malware Preliminary Removal Instructions

Indeed, a very good move In my opinion. Microsoft aren't exactly well know for providing safe reliable applications and updates the first time around. Ok maybe after a patch or 2 but usually the first release isn't ever secure.
Also seemingly they did bring it on themselves. I mean the secrecy surrounding the update and the fact there was no straight removal method just doesn't seem to add up.

__________________

Got to say this smacks of MS putting their hands where they don't belong! As a Firefox user, if I started up one day and found an update from MS on my "non-Microsoft" browser, I would be sending a powerful email at least! Only one reason why I have updates turned off.

__________________
wave:Computer Support and Help
Virus & Malware Removal
Tutorials on "How To...."
Stop Nuisance Startups