Add-ons blocked because of serious security vulnerability for Firefox users.

A war has been raging between different web browsers for a long time now. The two main combatants in the battle are Microsoft's Internet Explorer and Firefox from Mozilla. Microsoft is still in the lead in marketshare with IE, but Firefox is grabbing up a large portion of the market for itself.

Firefox hit the one billion download mark in August and has 32% of the browser market while IE holds about 60% of the market.

Mozilla and Microsoft are working together on a security flaw in some Microsoft add-ons that affects Firefox users. Mozilla reports that it has blocked two Microsoft add-ons installed silently for computers running the .NET Framework 3.5 SP1. The add-ons that Mozilla is blocking are the .NET Framework Assistant and Windows Presentation Foundation component because of a vulnerability that the add-ons allow for Firefox.

Mozilla VP of engineering Mike Shaver wrote in a blog post, "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately.”

The vulnerability in question is CVE-2009-2529 that allows an exploit when a Firefox user visits a malicious website. The user only has to visit a website running malicious code to be affected.

Microsoft wrote a blog post about the threat saying, "Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application). Please note that while this attack vector matches one of the attack vectors for MS09-061, the underlying vulnerability is different. Here, the affected process is the Windows Presentation Foundation (WPF) hosting process, PresentationHost.exe."

Microsoft says that Firefox users with .NET Framework 3.5 installed can disable the add-ons by going to Tools'-> 'Add-ons' -> 'Plugins,' select 'Windows Presentation Foundation,' and click 'Disable'. Those who have downloaded the Microsoft patch are protected against the vulnerability as well.

"I f***ing cannot play Halo 2 multiplayer. I cannot do it." -- Bungie Technical Lead Chris Butcher

Most Popular ArticlesProblems with Windows 10 – Update Now
October 15, 2016, 7:30 AM
End of the Road for the Audi R8 e-tron
October 15, 2016, 5:00 AM
Is Razer Blade Stealth Laptop For You?
October 16, 2016, 5:00 AM
Bluetooth Saves Lives
October 16, 2016, 7:05 AM
IBM – Cloud Object Storage Cheaper than Amazon S3
October 14, 2016, 5:00 AM

Latest Blog Posts
T-Mobile Data Problems
Saimin Nidarson - Oct 20, 2016, 10:17 AM
IMEX America Trade Show
Saimin Nidarson - Oct 9, 2016, 10:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki