Skip to comments.Sneaky Microsoft plug-in puts Firefox users at risk
Posted on 10/20/2009 1:40:53 PM PDT by Cindy
Thanks to a special freepmailer for pointing to this article.
SNIPPET: "Computerworld - An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.
One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.
"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."
The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site."
(Excerpt) Read more at computerworld.com ...
A few hours ago, Firefox warned me that this thing was a risk and recommended that I shut it down.
Nice job Firefox.
Got that yesterday myself. Even had a simple click to shut it down without having to walk through some ridiculous process.
I accept only old M$ “updates”. There’s tons and tons of places I don’t want to go to today.
Yep: click here to kill it, or some such thing.
my kids call it “mash here to destroy”...and none of them are gamers.
Yep, Firefox automatically shut those two problems. But I had no idea Microsoft Updates was putting something into Firefox. How dare they!
Bump for later
Nice - MS now engaged in Cyber-terrorism against its biggest browser competitor?
You might want to take a look at this...........
ping for a leter examination
I see it on my list of add-ons, but it’s not enabled. Is it still a threat?
I checked my machine and mine is OK. I have to check the wife’s next. Thanks for the link.
Thanks for posting the link to the removal instructions. I checked my computer, and I don’t have this extension, but I passed on the link to others to spread the word.
You’re welcome. Be careful with regedit if you need to remove!
Regedit don’t scare me. I am pretty handy with these things.
Famous last words.......
Well, that should go without saying in this day and age.
The instructions at the link are very precise. If folks only do what's written, they shouldn't have any trouble.
on this step:
5. Open a new Firefox window, and in the address bar, type about:config and press Enter.
“the URL is not valid and cannot be loaded.
Anybody know what that’s about?
They are in a bit of a bind. If they don't release for Firefox extensions, they'll get accused of releasing Windows Updates only for IE users and hammered for that.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.