 |  |  |  |  |  |  |  |
Mozilla says Microsoft browser malware can Firefox off
Odd isn't it, how Microsoft kicked up a fuss when Google announced the Chrome plugin for Internet Explorer on the grounds that it could make the browser more insecure. Indeed, it went as far as to suggest that it doubled the potential surface area for malware and scripted attacks. Yet, amazingly, Microsoft sees no such problem with installing a plugin into the Firefox browser. What's more it is installed without asking the permission of the user and, he says with more than a hint of irony, it left Firefox vulnerable to a drive-by exploit.
This is nothing new, as those with a memory for such underhand shenanigans will recall, as Microsoft started 'silently' installing a .NET Framework Assistant extension for Firefox users earlier in the year. The sting at the time was that it could not be uninstalled, and when an uninstall option was provided (after much media attention) it managed to break some other Firefox extension during the uninstall process.
So imagine the surprise when numerous Firefox users were presented with an 'Add-ons may be causing problems' popup when they had not added any new extensions. That popup quickly explained what was going on (see screenshot) determining that the Microsoft .NET Framework Assistant 1.1 may be "unstable or insecure". Given the option to restart Firefox so that the add-on could be disabled most punters would, I suspect, jump at the chance.
People have a right to be angry both at Microsoft for plugging something into a non-Microsoft browser client which could impact upon the security of that client, and doing so without their knowledge or prior consent I might add, but also with Firefox for allowing this silent installation in the first place.
But why the fuss now, when this plugin was pushed out some months back? Well it all boils down to the recent big Patch Tuesday roll out from Microsoft. On Tuesday Microsoft warned that unless Firefox users had installed the appropriate Internet Explorer patch then they would be vulnerable to an exploit enabled by a .Net Framework Assistant extension bug. Microsoft stated that installing Tuesday's MS09-054 patch protected all users from the exploit, no matter the attack vector, including Firefox users.
Mozilla responded, quite correctly, by telling Microsoft to Firefox off. It automatically turned on a system to block the extension for all Firefox users. Mike Shaver, Vice President of Engineering with Mozilla, explains "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately."
The thing is, if you silently or stealthily install software which impacts upon the security of the user, without that users knowledge or prior consent, isn't that called malware?
This is nothing new, as those with a memory for such underhand shenanigans will recall, as Microsoft started 'silently' installing a .NET Framework Assistant extension for Firefox users earlier in the year. The sting at the time was that it could not be uninstalled, and when an uninstall option was provided (after much media attention) it managed to break some other Firefox extension during the uninstall process.
So imagine the surprise when numerous Firefox users were presented with an 'Add-ons may be causing problems' popup when they had not added any new extensions. That popup quickly explained what was going on (see screenshot) determining that the Microsoft .NET Framework Assistant 1.1 may be "unstable or insecure". Given the option to restart Firefox so that the add-on could be disabled most punters would, I suspect, jump at the chance.
People have a right to be angry both at Microsoft for plugging something into a non-Microsoft browser client which could impact upon the security of that client, and doing so without their knowledge or prior consent I might add, but also with Firefox for allowing this silent installation in the first place.
But why the fuss now, when this plugin was pushed out some months back? Well it all boils down to the recent big Patch Tuesday roll out from Microsoft. On Tuesday Microsoft warned that unless Firefox users had installed the appropriate Internet Explorer patch then they would be vulnerable to an exploit enabled by a .Net Framework Assistant extension bug. Microsoft stated that installing Tuesday's MS09-054 patch protected all users from the exploit, no matter the attack vector, including Firefox users.
Mozilla responded, quite correctly, by telling Microsoft to Firefox off. It automatically turned on a system to block the extension for all Firefox users. Mike Shaver, Vice President of Engineering with Mozilla, explains "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately."
The thing is, if you silently or stealthily install software which impacts upon the security of the user, without that users knowledge or prior consent, isn't that called malware?
0
•
•
•
•
So that's what it was, I received the same message after the update this week and was surprised to see an add on I hadn't installed myself.
0
•
•
•
•
Interesting reading happygeek,
I happened to run across this the other day;
https://www.mozilla.com/en-US/blocklist/
And, this is a "Fix" "Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension"
http://www.annoyances.org/exec/show/article08-600
I happened to run across this the other day;
•
•
•
•
Add-ons Blocklist
This page lists blocklisted add-ons that should no longer be used with Mozilla products.
And, this is a "Fix" "Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension"
http://www.annoyances.org/exec/show/article08-600
•
•
•
•
| Tags |
| browser, exploit, firefox, ie8, malware, microsoft, mozilla, news, security, silverlight |
Similar Threads
- News Story: Forget Firefox 3.5, should Opera fear Fennec? (Web Browsers)
- Mozilla using the same session ID for different browser (Java)
- URGENT!!! VIRUS/SPYWARE/MALWARE has taken over my computer!!! (Viruses, Spyware and other Nasties)
- News Story: Porn Mode for Firefox (Web Browsers)
- News Story: Microsoft IE 8 More Friendly to Developers, IT (JavaScript / DHTML / AJAX)
- News Story: Firefox takes aims at wrong record (Web Browsers)
- IE Pop-ups while using Firefox. (Viruses, Spyware and other Nasties)
- News Story: Microsoftzilla (Web Browsers)
- News Story: Free webmail crypto browser extension for Firefox (Network Security)
| Thread Tools | Search this Thread |
Latest Web Browsers Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for browser, exploit, firefox, ie8, malware, microsoft, mozilla, news, security, silverlight
advertising age amd android apple avatar ballmer bing bluegene botnet browser business cellphone china chips crime data database development dos downloads economy email encryption energy enterprise facebook firefox games gaming google government hacking hardware ibm ibm.news ie8 intelibm internet iphone ipod itunes law linux mac malware marketing medicine memory microsoft mobile mozilla music network news nintendo novell office openoffice opensource os pc piracy porn privacy ps3 recession redhat report research russia search security sex socialnetworking software spam sun supercomputer supercomputing survey technology trends trojan twitter ubuntu uk video virus vista web wii windows windows7 working x86 xbox xp yahoo youtube
