Skip to comments.Mozilla Blocks Add-ons from Microsoft Because of Vulernability
Posted on 10/19/2009 1:15:38 PM PDT by Ernest_at_the_Beach
A war has been raging between different web browsers for a long time now. The two main combatants in the battle are Microsoft's Internet Explorer and Firefox from Mozilla. Microsoft is still in the lead in marketshare with IE, but Firefox is grabbing up a large portion of the market for itself.
Firefox hit the one billion download mark in August and has 32% of the browser market while IE holds about 60% of the market.
Mozilla and Microsoft are working together on a security flaw in some Microsoft add-ons that affects Firefox users. Mozilla reports that it has blocked two Microsoft add-ons installed silently for computers running the .NET Framework 3.5 SP1. The add-ons that Mozilla is blocking are the .NET Framework Assistant and Windows
Presentation Foundation component because of a vulnerability that the add-ons allow for Firefox.
Mozilla VP of engineering Mike Shaver wrote in a blog post, "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately.
(Excerpt) Read more at dailytech.com ...
Mozilla had a real “in your face” moment giving it to MS over that. LOL
I loved seeing the pop up basically saying Mozilla has protected me from Microsoft! What a hoot!
Been getting these warnings. Not even sure that I remember downloading the add-on.
Got one of those this AM. Mozilla had better be careful using me as a pawn in a mind game - I don’t like it. And they’re not the only game in town.
Except the vulnerability exposed is in Firefox. The plug-ins cannot create vulnerability unless the underlying browser is flawed.
“Microsoft has performed an illegal operation and will be shot down.”
Mozilla protected you from a major vulnerability in software MS surreptitiously downloaded and installed on to your pc using Mozilla as a carrier.
YOU didn’t. MS did, disguised as a “security” update.
That’s imply not true. A “drive by” attack can occur.
Any program (plug-in) sitting on top of the browser only has what access the browser allows it. If the plug-in exposes a vulnerability, then it is the browser’s fault. At least, this is the logic used to blame IE for add-ons installed there that create problems.
Twice now I have received a warning in firefox...
suggesting that I “close the browser so that the .NET framework can be disabled”.
Not sure what i’m supposed to do... Other apps require it.
If I disable it to avoid the warning, I disable features in other apps.
I agree with the previous post that Mozilla better stop using me as a pawn... I don’t like seeing warning messages unless they are real threats.
Well, if microsoft is intrusively adding software plugins to firefox as a “security update”, I think they deserve every little bit of shame they get.
You’re correct. BUT, in Firefox’s case, ONLY if the mechanism is installed in the browser. MS surreptitiously and silently, installed it. That’s why Mozilla blocked it.
In the last 2 months, and especially after “patch tuesday” of last, I’ve seen about 7 silent installs from MS on pc’s. I spent this last entire weekend repairing the damages for several people.
And, BTW, this was installed in Thunderbird, as well. So, some might just suspect MS was attempting to setup Mozilla, in light of their success against the mighty Redmond.
I haven’t seen any warnings...course I am not using Windows...
“I havent seen any warnings...course I am not using Windows...”
I like Firefiox (Mozilla) - if only because it has any internal spellchecker (with a pull-down menu of right-click spelling prompts!) when web typing. On any page.
“Mozilla Blocks Add-ons from Microsoft Because of Vulernability”
Heh... eye ron ic... ;’)
When I use a browser on a Wintel machine, and have a choice, I’ll take Firefox every single time. :’) The machine I use at work allowed me to install iTunes the other day, and my coworker couldn’t do the same with the file I’d downloaded; I’m now tempted to install Firefox as well.
Firefox is used by about 52% of visitors to my web site (aimed at amateur radio / electronics) and IE about 45% according to last week’s statistics.
What’s the benefit of Mozilla? I just don’t see it. I have to routinely fix a pc I don’t own and Mozilla drives me batty with a whole slew of broken plugins. I want to wipe out the whole thing.
I use IE, and I’m quite happy with how it’s progressed over the years. No stability issues.
MS put the add-on in a security update to the .net framework.
I uninstalled it when I found out about it. MS didn’t make it easy to get rid of.
Firefox is safer, in that it is not exposed to nearly as many exploits as IE. It also has been in advance of IE in terms of introducing useful features, such as tabbed browsing, although IE now has some of Firefox’s features.
I’ve not had a problem with Firefox plug-ins, and I’ve used it since version 1.5 or so. I also use Thunderbird as my E-mail program and find it superior to Outlook, let alone Outlook Express.
I detested Firefox and it’s monthy re-installs, but I haven’t tried it in years. Mozilla did the right thing here.
I haven’t gotton any warnings and I use FF 99% of the time.