Mozilla Blocks Microsoft Plugin & Add-on

Posted: Saturday, October 17, 2009 by El Guru in Add-ons, Blog News, Blogs, Browsers, Firefox, Fx 3.5, Go Firefox!, Google, IE, Microsoft, Mozilla News, Tips & Tweaks

PhotobucketYou would think Microsoft would have learned its lesson after all the negative backlash with the Microsoft .NET Spyware Extension. But this is Microsoft we are talking about. Earlier today I got an odd pop-up window from Firefox: The Windows Presentation Foundation plug-in has been disabled for your protection.

Several people on Go Firefox! have reported getting the same message. From what I have read this plug-in that allows the embedding of XAML applications (an XML-based UI technology) in web pages, called XBAP and is part of the .NET Framework 3.5 SP1. On Tuesday, Microsoft announced a security hole was found in the Microsoft .Net Framework Assistant add-on which could cause a “browse-and-get-owned attack”.

While Microsoft did provide an update (MS09-054 IE update), Mozilla has now added to the Add-ons Blocklist both the Microsoft .Net Framework Assistant add-on as well as the Windows Presentation Foundation plug-in as of last night. This means if you have either one or both of these add-ons installed Firefox is going to disable these and prompt you to restart (for the settings to kick-in).

I am glad Mozilla is doing this for two reasons. First, I did not know I had the Windows Presentation Foundation plug-in installed (I really think I did uninstall it, but Microsoft may have somehow managed to reinstall it ‘silently’). Further, while I do check what updates are released, I would have NOT installed something called MS09-054 IE update. I don’t use IE on this machine, just Firefox and Chrome.

Two other things worth mentioning regarding this topic. The Microsoft .Net Framework Assistant add-on can now be uninstalled from within the Firefox add-ons manager. I discovered this last week when I was making my installable XPI for my work-related add-ons. Mozilla is working on a way to make plugin installs ‘less silent’ so users are more aware that a plugin has been installed. Unlike addons, the Firefox add-on manager does not appear upon the first restart after a plugin has been installed.

Sources:

Comments
  1. […] the cause of this problem and found out that many had had the same experience, such as the post in FF Extension blog I found earlier in my tag surfer. It turns out that these two Firefox addon are easily hacked, […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s