{"id":10075,"date":"2009-10-19T10:47:00","date_gmt":"2009-10-19T08:47:00","guid":{"rendered":""},"modified":"2009-10-19T10:47:00","modified_gmt":"2009-10-19T08:47:00","slug":"mozilla-blocks-microsoft-plug-ins","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/software\/10075-mozilla-blocks-microsoft-plug-ins.html","title":{"rendered":"Mozilla blocks Microsoft plug-ins"},"content":{"rendered":"<p>Yesterday, Mozilla added two of <a href=\"https:\/\/www.mozilla.com\/en-US\/blocklist\/\" target=\"_blank\">Microsoft&rsquo;s browser plug-ins to its blocklist<\/a>. Introduced in 2007, the blocklist automatically prevents malicious software from being used in Firefox.<\/p>\n<p>The Microsoft .NET Framework Assistant and Windows Presentation Foundation were added, for reasons of their vulnerability to remote code execution. All versions for all applications have been blocked.<\/p>\n<p>Mike Shaver, Mozilla&rsquo;s Vice President of Engineering, stated in a blog post, that because of the difficulty in removing the plug-ins and the severity of the security risk, Mozilla decided to blocklist them. &ldquo;Microsoft agreed with the plan, and we put the blocklist entry live immediately.&rdquo;<\/p>\n<p>It has since been confirmed by Microsoft that the Framework Assistant is not a mechanism for an exploit and Shaver says it has been removed from the blocklist, although the entry still appears on the blocklist page.<\/p>\n<p>Last week, Microsoft admitted that the plug-ins, which have been quietly installed alongside Firefox since February, opened up a critical security exploit to both IE and Firefox users.<\/p>\n<p>Known as a browse-and-get-owned exploit, by simply visiting a malicious website, users open themselves up to having 3rd party software installed on their system. The Windows Presentation Foundation plug-in is the culprit allowing such attacks to take place in the browser.<\/p>\n<p>The vulnerability was addressed with the <a href=\"http:\/\/www.microsoft.com\/technet\/security\/bulletin\/ms09-054.mspx\" target=\"_blank\">record setting security patch<\/a> issued last week, but there was no mention of Firefox. The executive summary was revised yesterday to include reference to the Firefox fix, but clearly this isn&rsquo;t good enough for Mozilla.<\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php?t=197960\"><strong>Firefox &amp; Microsoft plug-ins:<\/strong><\/a>&nbsp; comments and views<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft plug-ins that were slipped into the Firefox browser create critical security flaws \u2013 Mozilla takes action<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-10075","post","type-post","status-publish","format-standard","hentry","category-software"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/10075"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=10075"}],"version-history":[{"count":0,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/10075\/revisions"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=10075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=10075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=10075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}