Mozilla developers have blocked a Firefox plugin that was quietly pushed out by Microsoft, saying that it presents a security risk. (...) On Tuesday, Microsoft warned that Firefox users who have not applied a recent Internet Explorer patch were vulnerable to a "browse-and-get-owned attack" because of a bug in the Microsoft .Net Framework Assistant add-on.
To protect users who may not have installed Microsoft's patch, Mozilla is automatically blocking two add-ons: the Microsoft .Net Framework Assistant and a related plugin called the Windows Presentation Foundation. (...) "Microsoft agreed with the plan, and we put the blocklist entry live immediately."
Microsoft has also posted removal instructions [support.microsoft.com] in their Support section.
If you use Microsoft's "automatic" solution, you may need to install further updates after doing so. It would be a good idea to run Microsoft Update after downloading and installing the KB963707 patch. This shouldn't be necessary if you use the manual regedit-and-file delete procedure given in KB963707.
Jim
I wonder how much of the "bad" coding was intentional to slow down FF.
I can just see a Microsoft campaign telling you to
1) update your machine
2) open Firefox
3) open IE
4) type this URL into both browsers
5) hit enter on both browsers
6) See! IE loads faster than FF
What they don't tell you is their plugin from the "update your machine" step slows down FF.
I am not saying that this is what happened here, but if they wanted to, it obviously wouldn't be hard to pull off.
Malware is intentionally malicious. While Microsoft's add-on was defective and therefore exploitable, and while it was installed without giving the user an option, it's not quite fair to call it "malware." It's just buggy code.
It's a matter of definitions, I guess.
Malware, short for malicious software, is software designed to infiltrate a computer without the owner's informed consent.
Informed consent is a legal condition whereby a person can be said to have given consent based upon a clear appreciation and understanding of the facts, implications and future consequences of an action.
Why MIGHT we need it? Why is Mozilla killing it (and is not after MS and Moz chatted a bit and said ONE is okay and the other is still blocked?)?
Nothing I use daily requires .NET. I've blocked it on updates on all systems. Biz continues as normal. Am I missing out on something?
I defer to nobody in willingness to attribute bad motives to Microsoft: they are, IMO, lawyers and lawyer-spawn; although serpents are physiologically incapable of stooping, there is no depth to which they would not slither.
But I have no trouble attributing this particular issue to stupidity rather than malice: after all, they have these kinds of security, reliability, and performance problems ALL THE TIME on their own software.
>I can just see a Microsoft campaign telling you to
>1) update your machine
>2) open Firefox
>3) open IE
>4) type this URL into both browsers
>5) hit enter on both browsers
>6) See! IE loads faster than FF
>What they don't tell you is their plugin from the "update your machine" step slows down FF.
In THIS matter you're attributing far too much honesty to Microsoft. This is similar to what they do regularly. But only similar. Step 6 is always stated "See! IE RUNS faster than FF!" Even though they're only measuring LOAD time, they advertise it as RUN time.
As I say: there are few depths to which they have not already slithered.
I ask once again... what is the benefit of .NET?
On the other hand, if you're a surfer who likes Java because of its security, and don't want just anyone dropping anything on your machine without your knowledge or consent, then ... ClickOnce is the Satanic IT project of the year.
It's all in your perspective.