backtop


Print

Add-ons blocked because of serious security vulnerability for Firefox users.

A war has been raging between different web browsers for a long time now. The two main combatants in the battle are Microsoft's Internet Explorer and Firefox from Mozilla. Microsoft is still in the lead in marketshare with IE, but Firefox is grabbing up a large portion of the market for itself.

Firefox hit the one billion download mark in August and has 32% of the browser market while IE holds about 60% of the market.

Mozilla and Microsoft are working together on a security flaw in some Microsoft add-ons that affects Firefox users. Mozilla reports that it has blocked two Microsoft add-ons installed silently for computers running the .NET Framework 3.5 SP1. The add-ons that Mozilla is blocking are the .NET Framework Assistant and Windows Presentation Foundation component because of a vulnerability that the add-ons allow for Firefox.

Mozilla VP of engineering Mike Shaver wrote in a blog post, "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately.”

The vulnerability in question is CVE-2009-2529 that allows an exploit when a Firefox user visits a malicious website. The user only has to visit a website running malicious code to be affected.

Microsoft wrote a blog post about the threat saying, "Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application). Please note that while this attack vector matches one of the attack vectors for MS09-061, the underlying vulnerability is different. Here, the affected process is the Windows Presentation Foundation (WPF) hosting process, PresentationHost.exe."

Microsoft says that Firefox users with .NET Framework 3.5 installed can disable the add-ons by going to Tools'-> 'Add-ons' -> 'Plugins,' select 'Windows Presentation Foundation,' and click 'Disable'. Those who have downloaded the Microsoft patch are protected against the vulnerability as well.





"If they're going to pirate somebody, we want it to be us rather than somebody else." -- Microsoft Business Group President Jeff Raikes













botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki