Welcome to WebmasterWorld Guest from 54.166.102.61

Forum Moderators: incrediBILL

Firefox Remotely Blocks Microsoft .NET Plugins

Microsoft .Net Framework Assistant and Windows Presentation Foundation

   
10:18 pm on Oct 18, 2009 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Article [pcworld.com]
Mozilla developers have blocked a Firefox plugin that was quietly pushed out by Microsoft, saying that it presents a security risk. (...) On Tuesday, Microsoft warned that Firefox users who have not applied a recent Internet Explorer patch were vulnerable to a "browse-and-get-owned attack" because of a bug in the Microsoft .Net Framework Assistant add-on.

To protect users who may not have installed Microsoft's patch, Mozilla is automatically blocking two add-ons: the Microsoft .Net Framework Assistant and a related plugin called the Windows Presentation Foundation. (...) "Microsoft agreed with the plan, and we put the blocklist entry live immediately."
10:33 pm on Oct 18, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The Windows Presentation Foundation add-on was initially reported as causing crashes [bugzilla.mozilla.org], even before the vulnerability was discovered.

Microsoft has also posted removal instructions [support.microsoft.com] in their Support section.

If you use Microsoft's "automatic" solution, you may need to install further updates after doing so. It would be a good idea to run Microsoft Update after downloading and installing the KB963707 patch. This shouldn't be necessary if you use the manual regedit-and-file delete procedure given in KB963707.

Jim

5:47 am on Oct 19, 2009 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



This was the .NET plug-in that was hidden in one of the MS updates, right? There was a bit of noise made at the time. I was surprised to see FF block it that way. I hadn't seen them block other plug-ins that way before.
12:03 pm on Oct 19, 2009 (gmt 0)

5+ Year Member



I didn't remember that i've installed "Microsoft .NET Framework Assistant" or why, but it was there. Seems like M$ is installing malware and I'm just happy that its blocked, security risk or not.
2:57 pm on Oct 19, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Malware is intentionally malicious. While Microsoft's add-on was defective and therefore exploitable, and while it was installed without giving the user an option, it's not quite fair to call it "malware." It's just buggy code.

Jim

3:03 pm on Oct 19, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I was starting to get fed up with Firefox. It seemed like a memory hog and was pokey. However since blocking/removing the two add-ons it seems like Firefox is working better.
3:57 pm on Oct 19, 2009 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



I've never installed .NET or .NET Framework... never got the .NET Frame Assistant. Which begs the question: Is there any value in having .NET installed?
3:58 pm on Oct 19, 2009 (gmt 0)

5+ Year Member



Seems like Microsoft and Mozilla have reached an agreement and have re-activated one of the add-ons they disabled, Slashdot has more details
6:01 pm on Oct 19, 2009 (gmt 0)

WebmasterWorld Senior Member demaestro is a WebmasterWorld Top Contributor of All Time 10+ Year Member



What I have a problem with is someone who has a competing browser installs, in the background, a plugin that slows down it's competitor's browser.

I wonder how much of the "bad" coding was intentional to slow down FF.

I can just see a Microsoft campaign telling you to

1) update your machine
2) open Firefox
3) open IE
4) type this URL into both browsers
5) hit enter on both browsers
6) See! IE loads faster than FF

What they don't tell you is their plugin from the "update your machine" step slows down FF.

I am not saying that this is what happened here, but if they wanted it obviously wouldn't be hard to pull off.

6:57 pm on Oct 19, 2009 (gmt 0)

5+ Year Member



Malware is intentionally malicious. While Microsoft's add-on was defective and therefore exploitable, and while it was installed without giving the user an option, it's not quite fair to call it "malware." It's just buggy code.

Its a matter of definitions i guess.

Malware, short for malicious software, is software designed to infiltrate a computer without the owner's informed consent.

Informed consent is a legal condition whereby a person can be said to have given consent based upon a clear appreciation and understanding of the facts, implications and future consequences of an action.

(source wikipedia)
8:36 am on Oct 20, 2009 (gmt 0)

5+ Year Member



Windows presentation foundation add-on caused my firefox to become unstable. Now i do not know if firefox is having any issues with it but after removing it my firefox is behaving normally as it used to be .......
9:05 am on Oct 20, 2009 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



I ask once again... what is the benefit of .NET?

Why MIGHT we need it? Why is Mozilla killing it (and is not after MS and Moz chatted a bit and said ONE is okay and the other is still blocked?)?

Nothing I use daily requires .NET. I've blocked it on updates on all systems. Biz continues as normal. Am I missing out on something?

10:06 am on Oct 20, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



-- benefit of .NET --

i am a developer that needs MSSQL Server localy or to connect to remote one?

12:04 am on Oct 22, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>I wonder how much of the "bad" coding was intentional to sow down FF.

I defer to nobody in willingness to attribute bad motives to Microsoft: they are, IMO, lawyers and lawyer-spawn, although serpents are physiologically incapable of stooping, there is no depth to which they would not slither.

But I have no trouble attributing this particular issue to stupidity rather than malice: after all, they have these kind of security, reliability, and performance problems ALL THE TIME on their own software.

>I can just see a Microsoft campaign telling you to

>1) update your machine
>2) open Firefox
>3) open IE
>4) type this URL into both browsers
>5) hit enter on both browsers
>6) See! IE loads faster than FF

>What they don't tell you is their plugin from the "update your machine" step slows down FF.

In THIS matter you're attributing far too much honesty to Microsoft. This is similar to what they do regularly. But only similar. Step 6 is always stated "See! IE RUNS faster than FF!" Even though they're only measuring LOAD time, they advertise it as RUN time.

As I say: there are few depths to which they have not already slithered.

4:14 am on Oct 22, 2009 (gmt 0)

5+ Year Member



I ask once again... what is the benefit of .NET?

I think the main in-browser benefit is ClickOnce, which is a very nice Windows technology if you're of the mind to be deploying applications across the web but dislike Java... and something you may well find useful in a corporate environment or similar. Having said that, I can't get it to work in Firefox.
4:14 am on Oct 22, 2009 (gmt 0)

5+ Year Member



Scratch that got it going. I rather like it, it could be useful.
4:52 pm on Oct 22, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>a very nice Windows technology if you're of the mind to be deploying applications across the web but dislike Java.

On the other hand, if you're a surfer who likes Java because of its security, and don't want just anyone dropping anything on your machine without your knowledge or consent, then ... ClickOnce is the Satanic IT project of the year.

It's all in your perspective.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month