Malicious Microsoft Plugin puts Firefox users vulnerable to attack
Back in February, there was a Microsoft Windows Update that installed the add-on Microsoft .NET Framework Assistant into Firefox. It was silently installed into the browser without the consent of the user. Earlier this week, Microsoft’s security engineers acknowledged that this plugin poses a critical security threat to the browser. This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer–the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.
“While the vulnerability is in an IE component, there is an attack vector for Firefox users as well,” admitted Microsoft engineers in a post to the company’s Security Research & Defense blog on Tuesday. “The reason is that .NET Framework 3.5 SP1 installs a ‘Windows Presentation Foundation’ plug-in in Firefox.”
Many experts complained about this security threat when Microsoft pushed the .NET Framework 3.5 Service Pack 1 (SP1) update to users back in February. They also stated that Microsoft made it very difficult for common users to remove the .NET plugin. The “Disable” and “Uninstall” option in Firefox’s plugin list was grayed out. The only way by which you can remove the plugin is by editing the registry, a very risky job since one wrong step can cripple your Windows.
However in May, Microsoft issued an update which made it possible to disable this plugin. But it did not mention anything about the dangers of this plugin.
This week, Microsoft did not make any reference to the origin of the .NET add-on, but simply told Firefox users that they should uninstall the component if they weren’t able to deploy the patches provided in the MS09-054 update.
How to disable or uninstall the add-on?
For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.
Also, if you would like to uninstall the “Windows Presentation Foundation” plug-in from Firefox, please refer to Microsoft’s KB article How to remove the .NET Framework Assistant for Firefox
3 Comments »
alay on How to solve winamp And Gtalk… Bala on How to solve winamp And Gtalk… techwoo on Malicious Microsoft Plugin put… Shit Wes’ Dad… on WikiReader – The complet… cyberia on Malicious Microsoft Plugin put…
The Andreas04 Theme.