backtop


Print

Add-ons blocked because of serious security vulnerability for Firefox users.

A war has been raging between different web browsers for a long time now. The two main combatants in the battle are Microsoft's Internet Explorer and Firefox from Mozilla. Microsoft is still in the lead in marketshare with IE, but Firefox is grabbing up a large portion of the market for itself.

Firefox hit the one billion download mark in August and has 32% of the browser market while IE holds about 60% of the market.

Mozilla and Microsoft are working together on a security flaw in some Microsoft add-ons that affects Firefox users. Mozilla reports that it has blocked two Microsoft add-ons installed silently for computers running the .NET Framework 3.5 SP1. The add-ons that Mozilla is blocking are the .NET Framework Assistant and Windows Presentation Foundation component because of a vulnerability that the add-ons allow for Firefox.

Mozilla VP of engineering Mike Shaver wrote in a blog post, "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately.”

The vulnerability in question is CVE-2009-2529 that allows an exploit when a Firefox user visits a malicious website. The user only has to visit a website running malicious code to be affected.

Microsoft wrote a blog post about the threat saying, "Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application). Please note that while this attack vector matches one of the attack vectors for MS09-061, the underlying vulnerability is different. Here, the affected process is the Windows Presentation Foundation (WPF) hosting process, PresentationHost.exe."

Microsoft says that Firefox users with .NET Framework 3.5 installed can disable the add-ons by going to Tools'-> 'Add-ons' -> 'Plugins,' select 'Windows Presentation Foundation,' and click 'Disable'. Those who have downloaded the Microsoft patch are protected against the vulnerability as well.





"When an individual makes a copy of a song for himself, I suppose we can say he stole a song." -- Sony BMG attorney Jennifer Pariser







Latest Blog Posts
More News
Saimin Nidarson - Dec 3, 2016, 5:00 AM
Top News
Saimin Nidarson - Dec 2, 2016, 5:00 AM
Top Stories
Saimin Nidarson - Nov 28, 2016, 1:12 AM
News: Fidel Castro
Saimin Nidarson - Nov 27, 2016, 5:00 AM
Top News
Saimin Nidarson - Nov 26, 2016, 5:00 AM
Top Stories
Saimin Nidarson - Nov 22, 2016, 2:26 AM
Headline News:
Saimin Nidarson - Nov 21, 2016, 1:00 AM






botimage
Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki