You would think Microsoft would have learned its lesson after all the negative backlash with the Microsoft .NET Spyware Extension. But this is Microsoft we are talking about. Earlier today I got an odd pop-up window from Firefox: The Windows Presentation Foundation plug-in has been disabled for your protection.
Several people on Go Firefox! have reported getting the same message. From what I have read this plug-in that allows the embedding of XAML applications (an XML-based UI technology) in web pages, called XBAP and is part of the .NET Framework 3.5 SP1. On Tuesday, Microsoft announced a security hole was found in the Microsoft .Net Framework Assistant add-on which could cause a “browse-and-get-owned attack”.
While Microsoft did provide an update (MS09-054 IE update), Mozilla has now added to the Add-ons Blocklist both the Microsoft .Net Framework Assistant add-on as well as the Windows Presentation Foundation plug-in as of last night. This means if you have either one or both of these add-ons installed Firefox is going to disable these and prompt you to restart (for the settings to kick-in).
I am glad Mozilla is doing this for two reasons. First, I did not know I had the Windows Presentation Foundation plug-in installed (I really think I did uninstall it, but Microsoft may have somehow managed to reinstall it ‘silently’). Further, while I do check what updates are released, I would have NOT installed something called MS09-054 IE update. I don’t use IE on this machine, just Firefox and Chrome.
Two other things worth mentioning regarding this topic. The Microsoft .Net Framework Assistant add-on can now be uninstalled from within the Firefox add-ons manager. I discovered this last week when I was making my installable XPI for my work-related add-ons. Mozilla is working on a way to make plugin installs ‘less silent’ so users are more aware that a plugin has been installed. Unlike addons, the Firefox add-on manager does not appear upon the first restart after a plugin has been installed.