{"id":2196,"date":"2009-10-19T09:57:18","date_gmt":"2009-10-19T09:57:18","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2196"},"modified":"2015-09-09T19:37:52","modified_gmt":"2015-09-09T11:37:52","slug":"firefox-blocks-microsoft-net-framework-assistant-add-on","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2009\/10\/firefox-blocks-microsoft-net-framework-assistant-add-on\/","title":{"rendered":"Firefox Blocks Microsoft .NET Framework Assistant Add-on"},"content":{"rendered":"

[ad]<\/p>\n

This is an interesting development, I noticed the pop-up on my Firefox yesterday. The reason however wasn’t security it was ‘instability’.<\/p>\n

It’s a fair move by Mozilla though as the add-on can cause security vulnerabilities in Firefox outside of their control. They can’t fix the software, so the best thing they can do to ensure user safety is to block it.<\/p>\n

Compounded with the fact it’s extremely hard for users to remove the add-on themselves the block is a good idea.<\/p>\n

Mozilla late Friday blocked the Microsoft-made software that had put Firefox users at risk from attack.<\/p>\n

The two-part Microsoft component — an add-on dubbed “.NET Framework Assistant” and a plug-in named “Windows Presentation Foundation” — have been blocked by Mozilla as a precautionary measure, said Mike Shaver, the company’s head of engineering.<\/p>\n

“Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism,” Shaver said in an announcement posted Friday night to the company’s security blog . <\/p><\/blockquote>\n

The annoying thing is these add-ons are installed in Firefox without any kind of prompt or permission given by the user.<\/p>\n

Microsoft pushed them out with the .NET Framework 3.5 Service Pack 1 (SP1) update in February this year, so our browsers have been vulnerable since then.<\/p>\n

The software was almost impossible to remove without some registry hacking, Microsoft did remedy this later<\/a> – but still how many people would know?<\/p>\n

Mozilla maintains an add-on\/plug-in blocking list that automatically bars risky software from being used by Firefox. The open-source company first used the blocker in 2007. Mozilla has used the tool only nine times, including Friday’s blocking of the Microsoft add-on and plug-in. In May 2008, for example, Mozilla added a Vietnamese language pack for Firefox to the blocking list when the pack was found to contain a worm.<\/p>\n

According to Shaver, Microsoft gave Mozilla the go-ahead to block the .Net Framework Assistant and the Windows Presentation Foundation.<\/p>\n

Last week, Microsoft’s security team acknowledged that its software — which had been silently installed in Firefox as far back as February 2009 — contained a critical vulnerability that could be used by hackers to hijack Windows PCs. The same vulnerability also affected all versions of Internet Explorer (IE), including the newest version, IE8. <\/p><\/blockquote>\n

Thankfully Firefox has the blocklist functionality and they have been aggressively moving towards ensuring 3rd party additions are also secure and don’t comprise the integrity of the platform.<\/p>\n

Last month they warned users with out of date Flash plugins to update.<\/p>\n

Firefox 3.6 will be even more aggressive in this aspect warning users when they visit a site that relies on one or more outdated add-ons.<\/p>\n

<\/p>\n

Source: Network World<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

[ad] This is an interesting development, I noticed the pop-up on my Firefox yesterday. The reason however wasn’t security it was ‘instability’. It’s a fair move by Mozilla though as the add-on can cause security vulnerabilities in Firefox outside of their control. They can’t fix the software, so the best thing they can do to […]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[10,4],"tags":[1083,3936,138,556,1386,921],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/2196"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=2196"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/2196\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=2196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=2196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=2196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}