Skip to comments.
Sneaky Microsoft plug-in puts Firefox users at risk
COMPUTER WORLD.com ^
| October 16, 2009
| By Gregg Keizer
Posted on 10/20/2009 1:40:53 PM PDT by Cindy
Thanks to a special freepmailer for pointing to this article.
#
SNIPPET: "Computerworld - An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.
One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.
"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."
The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site."
(Excerpt) Read more at computerworld.com ...
TOPICS: Computers/Internet; Reference
KEYWORDS: firefox; internetexplorer; microsoft; mozilla
Navigation: use the links below to view more comments.
first 1-20, 21-23 next last
1
posted on
10/20/2009 1:40:54 PM PDT
by
Cindy
To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...
2
posted on
10/20/2009 1:42:11 PM PDT
by
ShadowAce
(Linux -- The Ultimate Windows Service Pack)
To: Cindy
A few hours ago, Firefox warned me that this thing was a risk and recommended that I shut it down.
Nice job Firefox.
3
posted on
10/20/2009 1:43:32 PM PDT
by
Petronski
(In Germany they came first for the Communists, And I didn't speak up because I wasn't a Communist...)
To: Petronski
Got that yesterday myself. Even had a simple click to shut it down without having to walk through some ridiculous process.
4
posted on
10/20/2009 1:45:42 PM PDT
by
Cletus.D.Yokel
(FreepMail me if you want on the Bourbon ping list!)
To: Cindy
I accept only old M$ “updates”. There’s tons and tons of places I don’t want to go to today.
5
posted on
10/20/2009 1:46:15 PM PDT
by
Paladin2
(Big Ears + Big Spending --> BigEarMarx, the man behind TOTUS)
To: Cletus.D.Yokel
Yep: click here to kill it, or some such thing.
6
posted on
10/20/2009 1:46:49 PM PDT
by
Petronski
(In Germany they came first for the Communists, And I didn't speak up because I wasn't a Communist...)
To: Petronski
my kids call it “mash here to destroy”...and none of them are gamers.
7
posted on
10/20/2009 1:48:14 PM PDT
by
Cletus.D.Yokel
(FreepMail me if you want on the Bourbon ping list!)
To: Petronski
Yep, Firefox automatically shut those two problems. But I had no idea Microsoft Updates was putting something into Firefox. How dare they!
8
posted on
10/20/2009 2:03:51 PM PDT
by
pctech
To: Cindy
To: Cindy
10
posted on
10/20/2009 2:11:36 PM PDT
by
BullDog108
(A Smith & Wesson beats four aces)
To: Cindy
Nice - MS now engaged in Cyber-terrorism against its biggest browser competitor?
11
posted on
10/20/2009 2:11:44 PM PDT
by
TheBattman
(Pray for our country...)
To: coolbreeze
You might want to take a look at this...........
12
posted on
10/20/2009 2:14:57 PM PDT
by
Gabz
(Democrats for Voldemort.)
To: stanz
ping for a leter examination
13
posted on
10/20/2009 2:24:38 PM PDT
by
stanz
(Those who don't believe in evolution should go jump off the flat edge of the Earth.)
To: Cindy
I see it on my list of add-ons, but it’s not enabled. Is it still a threat?
14
posted on
10/20/2009 2:34:52 PM PDT
by
dbwz
(DISSENT IS PATRIOTIC)
To: BullDog108
I checked my machine and mine is OK. I have to check the wife’s next. Thanks for the link.
15
posted on
10/20/2009 2:54:10 PM PDT
by
SeeRushToldU_So
( Go Braves! Braves are gone.)
To: BullDog108
Thanks for posting the link to the removal instructions. I checked my computer, and I don’t have this extension, but I passed on the link to others to spread the word.
16
posted on
10/20/2009 2:57:29 PM PDT
by
Windflier
(To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
To: Windflier
No problemo. Tell them to be very careful if they have to open regedit to remove this!
17
posted on
10/20/2009 3:06:33 PM PDT
by
BullDog108
(A Smith & Wesson beats four aces)
To: SeeRushToldU_So
You’re welcome. Be careful with regedit if you need to remove!
18
posted on
10/20/2009 3:07:24 PM PDT
by
BullDog108
(A Smith & Wesson beats four aces)
To: BullDog108
Regedit don’t scare me. I am pretty handy with these things.
Famous last words.......
19
posted on
10/20/2009 3:18:43 PM PDT
by
SeeRushToldU_So
( Go Braves! Braves are gone.)
To: BullDog108
Tell them to be very careful if they have to open regedit to remove this! Well, that should go without saying in this day and age.
The instructions at the link are very precise. If folks only do what's written, they shouldn't have any trouble.
Thanks again.
20
posted on
10/20/2009 3:19:30 PM PDT
by
Windflier
(To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
Navigation: use the links below to view more comments.
first 1-20, 21-23 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson
