Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Mozilla Blocks Add-ons from Microsoft Because of Vulernability
Daily Tech ^ | October 19, 2009 9:29 AM | Shane McGlaun (Blog)

Posted on 10/19/2009 1:15:38 PM PDT by Ernest_at_the_Beach

Add-ons blocked because of serious security vulnerability for Firefox users.

A war has been raging between different web browsers for a long time now. The two main combatants in the battle are Microsoft's Internet Explorer and Firefox from Mozilla. Microsoft is still in the lead in marketshare with IE, but Firefox is grabbing up a large portion of the market for itself.

Firefox hit the one billion download mark in August and has 32% of the browser market while IE holds about 60% of the market.

Mozilla and Microsoft are working together on a security flaw in some Microsoft add-ons that affects Firefox users. Mozilla reports that it has blocked two Microsoft add-ons installed silently for computers running the .NET Framework 3.5 SP1. The add-ons that Mozilla is blocking are the .NET Framework Assistant and Windows

Presentation Foundation component because of a vulnerability that the add-ons allow for Firefox.

Mozilla VP of engineering Mike Shaver wrote in a blog post, "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately.”

(Excerpt) Read more at dailytech.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: firefox; hitech; lowqualitycrap; microsoft

1 posted on 10/19/2009 1:15:39 PM PDT by Ernest_at_the_Beach
[ Post Reply | Private Reply | View Replies]

To: ShadowAce

fyi


2 posted on 10/19/2009 1:16:02 PM PDT by Ernest_at_the_Beach (Support Geert Wilders)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach

Teeheehee.

Mozilla had a real “in your face” moment giving it to MS over that. LOL

I loved seeing the pop up basically saying Mozilla has protected me from Microsoft! What a hoot!


3 posted on 10/19/2009 1:17:27 PM PDT by papasmurf (RnVjayB5b3UsIDBiYW1hLCB5b3UgcGllY2Ugb2Ygc2hpdCBjb3dhcmQh)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach

Been getting these warnings. Not even sure that I remember downloading the add-on.


4 posted on 10/19/2009 1:17:38 PM PDT by raybbr (It's going to get a lot worse now that the anchor babies are voting!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach

Got one of those this AM. Mozilla had better be careful using me as a pawn in a mind game - I don’t like it. And they’re not the only game in town.


5 posted on 10/19/2009 1:23:49 PM PDT by Billthedrill
[ Post Reply | Private Reply | To 1 | View Replies]

To: papasmurf
Mozilla had a real “in your face” moment giving it to MS over that. LOL

Except the vulnerability exposed is in Firefox. The plug-ins cannot create vulnerability unless the underlying browser is flawed.

6 posted on 10/19/2009 1:24:07 PM PDT by Ingtar (Asses far Left of me; Rinos to the Left; FReepin' on the Right with you.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Ernest_at_the_Beach

Hehehe,

“Microsoft has performed an illegal operation and will be shot down.”

=-)


7 posted on 10/19/2009 1:26:42 PM PDT by Dr.Zoidberg (Warning: Sarcasm/humor is always engaged. Failure to recognize this may lead to misunderstandings.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

8 posted on 10/19/2009 1:26:55 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: raybbr
"Been getting these warnings. Not even sure that I remember downloading the add-on." Same here. I got the warning this morning, and I was like "hmph, I don't even remember adding the Windows Presentation Plugin"
9 posted on 10/19/2009 1:27:35 PM PDT by z3n
[ Post Reply | Private Reply | To 4 | View Replies]

To: Billthedrill

Mozilla protected you from a major vulnerability in software MS surreptitiously downloaded and installed on to your pc using Mozilla as a carrier.


10 posted on 10/19/2009 1:29:29 PM PDT by papasmurf (RnVjayB5b3UsIDBiYW1hLCB5b3UgcGllY2Ugb2Ygc2hpdCBjb3dhcmQh)
[ Post Reply | Private Reply | To 5 | View Replies]

To: z3n

YOU didn’t. MS did, disguised as a “security” update.


11 posted on 10/19/2009 1:30:14 PM PDT by papasmurf (RnVjayB5b3UsIDBiYW1hLCB5b3UgcGllY2Ugb2Ygc2hpdCBjb3dhcmQh)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Ingtar

That’s imply not true. A “drive by” attack can occur.


12 posted on 10/19/2009 1:32:42 PM PDT by papasmurf (RnVjayB5b3UsIDBiYW1hLCB5b3UgcGllY2Ugb2Ygc2hpdCBjb3dhcmQh)
[ Post Reply | Private Reply | To 6 | View Replies]

To: papasmurf

Any program (plug-in) sitting on top of the browser only has what access the browser allows it. If the plug-in exposes a vulnerability, then it is the browser’s fault. At least, this is the logic used to blame IE for add-ons installed there that create problems.


13 posted on 10/19/2009 1:38:50 PM PDT by Ingtar (Asses far Left of me; Rinos to the Left; FReepin' on the Right with you.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Ernest_at_the_Beach

Twice now I have received a warning in firefox...
suggesting that I “close the browser so that the .NET framework can be disabled”.

Not sure what i’m supposed to do... Other apps require it.
If I disable it to avoid the warning, I disable features in other apps.

I agree with the previous post that Mozilla better stop using me as a pawn... I don’t like seeing warning messages unless they are real threats.


14 posted on 10/19/2009 1:43:17 PM PDT by Safrguns
[ Post Reply | Private Reply | To 1 | View Replies]

To: papasmurf

Well, if microsoft is intrusively adding software plugins to firefox as a “security update”, I think they deserve every little bit of shame they get.


15 posted on 10/19/2009 1:44:15 PM PDT by z3n
[ Post Reply | Private Reply | To 11 | View Replies]

To: Ingtar

You’re correct. BUT, in Firefox’s case, ONLY if the mechanism is installed in the browser. MS surreptitiously and silently, installed it. That’s why Mozilla blocked it.

In the last 2 months, and especially after “patch tuesday” of last, I’ve seen about 7 silent installs from MS on pc’s. I spent this last entire weekend repairing the damages for several people.

And, BTW, this was installed in Thunderbird, as well. So, some might just suspect MS was attempting to setup Mozilla, in light of their success against the mighty Redmond.


16 posted on 10/19/2009 1:48:09 PM PDT by papasmurf (RnVjayB5b3UsIDBiYW1hLCB5b3UgcGllY2Ugb2Ygc2hpdCBjb3dhcmQh)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Safrguns; papasmurf

I haven’t seen any warnings...course I am not using Windows...


17 posted on 10/19/2009 1:49:45 PM PDT by Ernest_at_the_Beach (Support Geert Wilders)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Ernest_at_the_Beach

“I haven’t seen any warnings...course I am not using Windows...”

hahahahaha


18 posted on 10/19/2009 1:50:57 PM PDT by papasmurf (RnVjayB5b3UsIDBiYW1hLCB5b3UgcGllY2Ugb2Ygc2hpdCBjb3dhcmQh)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Ernest_at_the_Beach
Just checked, and yep, my firefox browser is blocking .net for stability issues. lol.

Competition can be fun to watch.
19 posted on 10/19/2009 1:52:14 PM PDT by mysterio
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach; neverdem; SunkenCiv; Doohickey

I like Firefiox (Mozilla) - if only because it has any internal spellchecker (with a pull-down menu of right-click spelling prompts!) when web typing. On any page.


20 posted on 10/19/2009 1:56:04 PM PDT by Robert A. Cook, PE (I can only donate monthly, but socialists' ABBCNNBCBS continue to lie every day!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Robert A. Cook, PE

“Mozilla Blocks Add-ons from Microsoft Because of Vulernability”

Heh... eye ron ic... ;’)

When I use a browser on a Wintel machine, and have a choice, I’ll take Firefox every single time. :’) The machine I use at work allowed me to install iTunes the other day, and my coworker couldn’t do the same with the file I’d downloaded; I’m now tempted to install Firefox as well.


21 posted on 10/19/2009 2:09:41 PM PDT by SunkenCiv (https://secure.freerepublic.com/donate/__Since Jan 3, 2004__Profile updated Monday, January 12, 2009)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Ernest_at_the_Beach

Firefox is used by about 52% of visitors to my web site (aimed at amateur radio / electronics) and IE about 45% according to last week’s statistics.

Jack


22 posted on 10/19/2009 2:59:55 PM PDT by JackOfVA
[ Post Reply | Private Reply | To 1 | View Replies]

To: JackOfVA

What’s the benefit of Mozilla? I just don’t see it. I have to routinely fix a pc I don’t own and Mozilla drives me batty with a whole slew of broken plugins. I want to wipe out the whole thing.

I use IE, and I’m quite happy with how it’s progressed over the years. No stability issues.


23 posted on 10/19/2009 3:26:33 PM PDT by BenKenobi
[ Post Reply | Private Reply | To 22 | View Replies]

To: raybbr

MS put the add-on in a security update to the .net framework.

I uninstalled it when I found out about it. MS didn’t make it easy to get rid of.


24 posted on 10/19/2009 3:36:20 PM PDT by MediaMole
[ Post Reply | Private Reply | To 4 | View Replies]

To: BenKenobi

Firefox is safer, in that it is not exposed to nearly as many exploits as IE. It also has been in advance of IE in terms of introducing useful features, such as tabbed browsing, although IE now has some of Firefox’s features.

I’ve not had a problem with Firefox plug-ins, and I’ve used it since version 1.5 or so. I also use Thunderbird as my E-mail program and find it superior to Outlook, let alone Outlook Express.

Jack


25 posted on 10/19/2009 3:54:36 PM PDT by JackOfVA
[ Post Reply | Private Reply | To 23 | View Replies]

To: Robert A. Cook, PE

I detested Firefox and it’s monthy re-installs, but I haven’t tried it in years. Mozilla did the right thing here.


26 posted on 10/19/2009 4:30:32 PM PDT by Doohickey (I try to take my days one at a time, but occasionally several days attack me at once.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: z3n

I haven’t gotton any warnings and I use FF 99% of the time.


27 posted on 10/19/2009 4:37:34 PM PDT by hsmomx3 (GO STEELERS!!!!!!!!!!!!)
[ Post Reply | Private Reply | To 15 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson