PDA

View Full Version : umm - firefox and unsafe add-ons??



Miaow
17-10-2009, 7:06pm
never seen this before???

Just came up ????

Miaow
17-10-2009, 7:16pm
yes firefox has had a few probs since that last massive update - and i did report one of them cause so annoying - but moxilla blocking microsoft framework is a little weird?

Astroman
17-10-2009, 8:04pm
I just got the same warning! No reason at all, unless firefox updated behind the scenes... says my framework .NET thing is version 1.1, which I know is wrong, because I have the latest one. v3.

Miaow
17-10-2009, 8:34pm
frameworks run seperate there is 1.1 and 2 and 3 etc they are all seperate , they all run togerther same time Andrew

Edited: Intersting it picked it up i never saw an update either???

hoffy
17-10-2009, 8:39pm
I saw these today as well. But MS have rolled out a big batch of updates recently on vista (My lappy did a hugh upgrade today). I am wondering if this is a bit of a side effect (Firefox is now OK for me)

Miaow
17-10-2009, 8:43pm
i have all the frameworks on here 1.1 ,2 and 3.5 - onlyhad the error one 1 and that other thing- so weird - firefox has been slow esp on secure stuff since the MS updates

Miaow
17-10-2009, 8:48pm
just looked thought extensions/add ons i cant find them to enable agagin?

hoffy
17-10-2009, 8:49pm
I found this elsewhere:


As part of October's Windows Update batch an update to the .Net framework assistant in Firefox was pushed. Firefox took measures and blocked it automatically

Astroman
17-10-2009, 8:51pm
does it say if it's okay or not? will my computer be dead tomorrow :D

hoffy
17-10-2009, 8:53pm
Let google be your friend. It appears that MS has tried to force some bits on to firefox, which incidently opens up a vuneralbility. The mob at firefox have had the decency to block it. From another website:


Some time ago we advised to uninstall the Microsoft .NET Framework assistant because it was breaking some Firefox extensions.
Windows Presentation Foundation Plugin in the Add-Ons Manager
Of course, as many noticed at that time, having add-ons from Microsoft installed into Firefox behind your back by a Windows update also expanded the attack surface of the Mozilla browser, by adding the possible (likely) vulnerabilities of Microsoft’s technology to the mix. Ironically, this is the very argument used by Microsoft itself against Google Frame.

This easy precognition is reality now. According to Microsoft,

MS09-054 addresses an IE vulnerability (CVE-2009-2529), which was discovered and presented by Mark Dowd, Ryan Smith, and David Dewey at the BlackHat conference in July. […]

A browse-and-get-owned attack vector exists. All that is needed is for a user to be lured to a malicious website. […]

While the vulnerability is in an IE component, there is an attack vector for Firefox users as well.

The reason is that .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox.
Via this plug-in it is possible to launch XBAP, and reach this vulnerability, from within Firefox.

The Windows Presentation Foundation plugin enables “XAML Browser Applications” (XBAPs) to run into your browser. Ironically, this appears to be Microsoft’s late equivalent of Java Applets, with some ActiveX scent as a bonus (native code). Talk about lesson learned…

In order to protect yourself, open Tools|Add-ons|Plugins, select Windows Presentation Foundation, and click the Disable button.

Miaow
17-10-2009, 8:59pm
hmm good firefox stopped it imo - better to be safe than sorry

Yay to firefox - down to MS in this case - ms shouldn push updates on other companies software