Windows 7 Silent Install Firefox Plugin Backfires on Microsoft

[reghakr]

I know a partial bit of this was posted somewhere, but couldn't locate it:

Whilst it's not okay in Microsoft's eyes for Google to install a plugin into Internet Explorer, increasing the potential surface area of attack, when Microsoft do it to Firefox, it's a different matter. Now a security hole has been found in a plugin that Microsoft have been silently installing into Firefox.

Along with .NET Framework 3.5 SP1, Microsoft have been silently installing a Windows Presentation Foundation Plugin that allows the embedding of XAML applications (an XML-based UI technology) in web pages, called XBAP (XAML Web App).

The exploit is drive-by, meaning that the victim only needs to be lured onto a web-page for the attack to be effective. The only safe thing to do until a patch is issued, is to open Firefox’s AddOn Manager and disable the WPF plugin.

Microsoft were caught earlier this year silently installing a .NET Framework Assistant plugin into Firefox, which could not initially be uninstalled. After some pressure from the press, Microsoft relented and provided an update to enable the uninstall button. That update then broke a number of other Firefox extensions.

More...........Silent Install Firefox Plugin Backfires on Microsoft

 

[stueycaster]

Mozilla gave me an update that disabled the offensive plugins for me. I had already disabled that one but there was another that I didn't know about.

Update: that other thread was in the "Water Cooler". Can you tell me if there is a better place for it? I get a little confused about that sometimes.

 

[reghakr]

Since itt wasn't an off-topic item, I chose Windows Discussion Stue

 

[stueycaster]

Thanks reghakr. I'll remember that.

 

[reghakr]

No problem