{"id":2196,"date":"2009-10-19T09:57:18","date_gmt":"2009-10-19T09:57:18","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2196"},"modified":"2015-09-09T19:37:52","modified_gmt":"2015-09-09T11:37:52","slug":"firefox-blocks-microsoft-net-framework-assistant-add-on","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2009\/10\/firefox-blocks-microsoft-net-framework-assistant-add-on\/","title":{"rendered":"Firefox Blocks Microsoft .NET Framework Assistant Add-on"},"content":{"rendered":"
[ad]<\/p>\n
This is an interesting development, I noticed the pop-up on my Firefox yesterday. The reason however wasn’t security it was ‘instability’.<\/p>\n
It’s a fair move by Mozilla though as the add-on can cause security vulnerabilities in Firefox outside of their control. They can’t fix the software, so the best thing they can do to ensure user safety is to block it.<\/p>\n
Compounded with the fact it’s extremely hard for users to remove the add-on themselves the block is a good idea.<\/p>\n
Mozilla late Friday blocked the Microsoft-made software that had put Firefox users at risk from attack.<\/p>\n
The two-part Microsoft component — an add-on dubbed “.NET Framework Assistant” and a plug-in named “Windows Presentation Foundation” — have been blocked by Mozilla as a precautionary measure, said Mike Shaver, the company’s head of engineering.<\/p>\n
“Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism,” Shaver said in an announcement posted Friday night to the company’s security blog . <\/p><\/blockquote>\n
The annoying thing is these add-ons are installed in Firefox without any kind of prompt or permission given by the user.<\/p>\n
Microsoft pushed them out with the .NET Framework 3.5 Service Pack 1 (SP1) update in February this year, so our browsers have been vulnerable since then.<\/p>\n