Firefox Foils Microsoft's Security Hole

[Creag]

If you use Firefox, you may have already seen a pop-up from your browser alerting you that it is blocking the Microsoft .NET Framework Assistant and Windows Presentation Foundation add-ons. It's for good reason.

As of today, Mozilla's browser will automatically disable Microsoft's addon and plugin because of a gaping security hole that allows for drive-by-download attacks. The flaw lies in the Windows Presentation Foundation plug-in that is installed by the .NET add-on.

According to a Microsoft Security Research & Defense blog post, anyone who has applied the MS09-054 security patch (available via Windows Update) is safe from a potential attack against ths flaw, regardless of whether the attack comes via IE or the WPF plug-in. But since Microsoft automatically installed the add-on earlier this year without asking the user's permission, Redmond should be red-faced after this fiasco.

Source

Saw it happen on my FF browser this morning.

 

[Dimpie (JIGSAW)]

https://bugzilla.mozilla.org/show_bug.cgi?id=522777

 

[PeterCH]

More MS BS. And people wonder why I dislike MS. It's this slack, careless programming full of security holes, couple with arrogance of mandatory installs. A FOSS product saves users instead. Would Windows 7 with its super-duper upgraded security saved the day at R2-3000 per pop? Heck no, a free product did.

I know I will be attacked for this by MS shills here but hey this is the truth. MS sucks.

 

[Creag]

I would say I slate M$ but they are just too blasé about their approach. I get the feeling they don't care much about the consequences of their actions. Pity.

 

[reddevilandy10]

Wow. Saw that a few minutes ago actually. That's pretty messed up!

 

[Dean]

What amazes me, is that MS screwed up their own browser, which led to most of the initiated users going elsewhere to enhance their online security.

YET

MS STILL find a way to screw up other apps!

 

[InTheCube]

I saw that message this morning. Didn't even know MS installed that crap into my FF.

Leave my FF alone MS. Stay out! Go stuff up your own IE as much as you want.

 

[Kaufies]

I saw that message this morning. Didn't even know MS installed that crap into my FF.

Leave my FF alone MS. Stay out! Go stuff up your own IE as much as you want.

+1
That's like a virus!! Installing stuff without the user's knowledge, replicating itself on as many machines as possible. Lol, MS is evil

 

[Dude111]

M$ has the nerve to complain about ppl ADDING STUFF TO IE8 (Google and the chrome thing to handle Javascript better) then they continue to screw with other software....

They have become VERY INTRUSIVE and are trying take everything over and its sick!!

 

[The_Unbeliever]

Never will see that message on my Linux box

 

[Gekco]

Yeah was wondering about that after FF blocked those 2 add-ons yesterday.

 

[Bismuth]

Never will see that message on my Linux box

Yes, was wondering if I would get to see this message, guess not either.

Not that I'm complaining.

B

 

[w1z4rd]

More MS BS. And people wonder why I dislike MS. It's this slack, careless programming full of security holes, couple with arrogance of mandatory installs. A FOSS product saves users instead. Would Windows 7 with its super-duper upgraded security saved the day at R2-3000 per pop? Heck no, a free product did.

I know I will be attacked for this by MS shills here but hey this is the truth. MS sucks.

Its a big flaw with a lot of paid for propriety code. Though terrible propriety coding is not limited to just Microsoft.

I got this error as well. Thanks Firefox!

 

[PeterCH]

Its a big flaw with a lot of paid for propriety code. Though terrible propriety coding is not limited to just Microsoft.

I got this error as well. Thanks Firefox!

Gee Captain Obvious, but MS has more than a fair share of errors and it's not MS who pays for these errors - botnets and spam exist mostly because of lax MS security.

 

[I am Penguin]

Gee Captain Obvious, but MS has more than a fair share of errors and it's not MS who pays for these errors - botnets and spam exist mostly because of lax MS security.

Ah, some more anti MS FUD, nothing to do with the complexity and pure sales volumes of the major OS in the world I presume.

 

[I am Penguin]

More MS BS. And people wonder why I dislike MS. It's this slack, careless programming full of security holes, couple with arrogance of mandatory installs. A FOSS product saves users instead. Would Windows 7 with its super-duper upgraded security saved the day at R2-3000 per pop? Heck no, a free product did.

I know I will be attacked for this by MS shills here but hey this is the truth. MS sucks.

Ah, again some more anti MS FUD! Just can never resist hey uncle Peter.

 

[Tux]

Never will see that message on my Linux box

Awwww shucks, and I was looking forward to seeing it as well

 

[Nod]

Ah, some more anti MS FUD, nothing to do with the complexity and pure sales volumes of the major OS in the world I presume.

60+% of web servers run on Linux + Apache. I think that is a pretty sizeable install base? Maybe it is just more secure than MS in general?

 

[I am Penguin]

60+% of web servers run on Linux + Apache. I think that is a pretty sizeable install base? Maybe it is just more secure than MS in general?

Or that Linux tend to be dedicated install for specific functions?

Ever heard of the saying the best burglar alarm is the unique DIY self installed units? I wonder why?

 

[Nod]

Or that Linux tend to be dedicated install for specific functions?

Ever heard of the saying the best burglar alarm is the unique DIY self installed units? I wonder why?

The kernel is still the same for all flavours of Linux distros. Linux was just designed to be multi-user and secure from the beginning, where Windows came from a single-user perspective.

Read up on Windows security problems here.