It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Sneaky Microsoft plug-in puts Firefox users at risk

page: 1
81
<<   2  3  4 >>

log in

join
share:
+34 more 
posted on Oct, 17 2009 @ 06:04 PM
link   


An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.

One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.

"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."

The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site.

Numerous users and experts complained when Microsoft pushed the .NET Framework 3.5 Service Pack 1 (SP1) update to users last February, including Susan Bradley, a contributor to the popular Windows Secrets newsletter.


Full CompuerWorld Article

Today kids, we ask: "How low can Microsoft go?" Just as you think Microsoft couldn't sink to a lower level, this comes up.
Maybe if Microsoft started building decent browsers, maybe people could rely on them. - After this however, who would?




posted on Oct, 17 2009 @ 06:18 PM
link   
Interesting timing. Not 5 minutes ago Firefox alerted me to this, but said it had been blocked. Recommended a re-start to be safe.

*MS Framework assistant .net 1.1
*Windows Presentation foundation

S&F




[edit on 17-10-2009 by LadySkadi]



posted on Oct, 17 2009 @ 06:24 PM
link   
reply to post by LadySkadi
 


Same thing for me, about the same time period. Said the plug in would make firefox unstable.



posted on Oct, 17 2009 @ 06:35 PM
link   
Wow.. I've seen these popups on 3 different computers these last couple days. Right after critical patch Tuesday...

MS Framework assistant .net 1.1
And
Windows Presentation foundation?



posted on Oct, 17 2009 @ 06:37 PM
link   
Same here just yesterday. I went to the Tools/Add-ons and uninstalled it immediately(microsoft.net framework) I suggest everyone do the same...



posted on Oct, 17 2009 @ 06:39 PM
link   
Well, I have to take my hat's off to the FF programmers who alerted me to this problem the second I opened my browser....

Unbelievable that we had to find out about it as potential victims.. after the fact.

I suppose MS has no interest in keeping the net safe for non-IE users



posted on Oct, 17 2009 @ 06:40 PM
link   
i got the same message also earlier. I shrug it off. means nothing to me. not worried about it. It is unacceptable behavior for a company to do, but what do you want, they feel like they rule the computer world.



posted on Oct, 17 2009 @ 06:41 PM
link   
i have manually verified that i did not receive this update through the system for win7.



posted on Oct, 17 2009 @ 06:41 PM
link   
damn
I quit using IE and norton bc of "issues" and now firefox.

I do have to say I feel vindicated though, I had an attack a few months ago and had to call norton. I had about a month left on the protection and the person told me that I would have to pay $90 for them to remote access my system and remove the files. The program itself costs $90!!!!!! I never download anything, I have no file sharing, the only thing my system is allowed to accept (with permission even) are updates from norton and windows. So, I suggested that it was attached to one of their downloads and that I would not be renewing the program. It would appear I may not have been far off.



posted on Oct, 17 2009 @ 06:42 PM
link   
 


off-topic post removed to prevent thread-drift


 



posted on Oct, 17 2009 @ 06:44 PM
link   
I had these Add ons as well I disabled them quick smart



posted on Oct, 17 2009 @ 06:45 PM
link   
So that is what that was eh?

I got that pop up too, I thought about hitting the cancel button, heck, how could anything from Microsoft be bad?



[edit on 17-10-2009 by Walkswithfish]



posted on Oct, 17 2009 @ 06:54 PM
link   
This is exactly why I have my firewall set to block any and all windows update traffic. No updates are installed without my explicit permission, seems a lot safer to me than just randomly allowing security loopholes to be "updated" into the code.



posted on Oct, 17 2009 @ 07:03 PM
link   

Excellent find. Once again fellow ATS members protect the IT community by informing each other and others of potential attacks against computer owners.
Bill Gates has no shame.



posted on Oct, 17 2009 @ 07:05 PM
link   

Originally posted by LadySkadi
Interesting timing. Not 5 minutes ago Firefox alerted me to this, but said it had been blocked. Recommended a re-start to be safe.

*MS Framework assistant .net 1.1
*Windows Presentation foundation

S&F


[edit on 17-10-2009 by LadySkadi]


Thats what mine did, did Firefox take care of for me?



posted on Oct, 17 2009 @ 07:29 PM
link   
Microsoft .NET Framework Assistant is now on Mozilla's blocked add-on list.

www.mozilla.com...



posted on Oct, 17 2009 @ 07:29 PM
link   
Glad I ditched Windows 9 years ago.



posted on Oct, 17 2009 @ 08:02 PM
link   
Same thing for me as well. When I saw it, I was like, wtf?



posted on Oct, 17 2009 @ 08:07 PM
link   
Just to be on the safe side I checked my firefox but whatever Microsoft did it didn't inflitrate macs.



posted on Oct, 17 2009 @ 08:11 PM
link   

Originally posted by zazzafrazz

Originally posted by LadySkadi
Interesting timing. Not 5 minutes ago Firefox alerted me to this, but said it had been blocked. Recommended a re-start to be safe.

*MS Framework assistant .net 1.1
*Windows Presentation foundation

S&F


[edit on 17-10-2009 by LadySkadi]


Thats what mine did, did Firefox take care of for me?


Firefox isolated it and just to be sure I went to "tools" "add-ons" and made sure it was blocked (or deleted) and than restart the computer - hope that took care of the problem. I do NOT see the .net installed on the 'puter so I'm guessing it worked.

[edit on 17-10-2009 by LadySkadi]



new topics

top topics



 
81
<<   2  3  4 >>

log in

join