• Total Members: 12780
  • Latest: eduard
  • Total Posts: 28046
  • Total Topics: 8053
  • Online Today: 962
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: Mozilla Blocks Microsoft's Buggy Firefox Plugin (XBAP, XAML, MS09-054)  (Read 3876 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7152
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

Mozilla developers have blocked a Firefox plugin that was quietly pushed out by Microsoft, saying that it presents a security risk.

Microsoft shipped the Firefox add-on as part of a .Net software update last February, causing outrage among some Firefox users, who complained that the software was sneaked onto their systems without their knowledge or approval and was extremely difficult to remove:

On Tuesday, Microsoft warned that Firefox users who have not applied a recent Internet Explorer patch were vulnerable to a "browse-and-get-owned attack" because of a bug in the Microsoft .Net Framework Assistant add-on:

"All that is needed is for a user to be lured to a malicious website," Microsoft said. Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application).

The flaw is a nasty one, but users who have installed the MS09-054 IE update, released Tuesday are protected from this attack, "regardless of the attack vector," Microsoft said.

To protect users who may not have installed Microsoft's patch, Mozilla is automatically blocking two add-ons: the Microsoft .Net Framework Assistant and a related plugin called the Windows Presentation Foundation. The open-source browser started blocking the software late Friday night.

"Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism," wrote Mozilla Vice President of Engineering Mike Shaver in a blog posting. "Microsoft agreed with the plan, and we put the blocklist entry live immediately.:

Buggy plugins are a growing problem, as cyber criminals have increasingly leveraged flaws in products such as Adobe Flash Player and QuickTime to launch browser-based attacks. Earlier this week, Mozilla launched a Plugin Check site where Firefox users can see if their plugins are up-to-date:


Samker's Computer Forum -


  • SCF Member
  • **
  • Posts: 27
  • KARMA: 2
 :-\ mmmmmmm


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising