Mike Shaver, Mozilla’s Vice President of Engineering writes:
I’ve previously posted about the .NET Framework Assistant add-on that was delivered via Windows Update earlier this year. It’s recently surfaced that it has a serious security vulnerability, and Microsoft is recommending that all users disable the add-on.
Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately. (Some users are already seeing it disabled, less than an hour after we added it!)
Update (Sunday Oct 18, 6:30pm PDT): Microsoft has now confirmed that the Framework Assistant add-on is not a vector for this attack, and we have removed the entry from the blocklist. We are also working on a mechanism to allow Firefox users to re-enable the WPF plugin ahead of its eventual removal from the blocklist. For more information, see Mike Shaver’s latest blog post.
Alan Baxter wrote on
Gavin Sharp wrote on
Angry Firefox User wrote on
Da Scritch wrote on
fowl wrote on
Ottmar Freudenberger wrote on
Jules wrote on
Hanspeter wrote on
Jipe wrote on
James Hedges wrote on
fred wrote on
MOM2006 wrote on
Eric wrote on
Daniel Veditz wrote on
arejfour wrote on
Robert Kaiser wrote on
Sean wrote on
Sean wrote on
Rajah Donalt wrote on
Drew wrote on
ff poster wrote on
Brian wrote on
Rajah Donalt wrote on
DannyStaple wrote on
BRoper wrote on
Larry Seltzer wrote on
BTS wrote on
confused wrote on
SayNoToStealthInstalls wrote on
Mark wrote on
80s Rocker wrote on
James wrote on
SDL wrote on
execoot wrote on
Justin wrote on
Kevin wrote on
MOM2006 wrote on
Clubs wrote on
naranha wrote on
Larry Seltzer wrote on
Anon wrote on
Tomas wrote on
Casper Andersen wrote on
Tang YingRong wrote on
Jerome Haltom wrote on
Larry Seltzer wrote on
ant wrote on
Mike wrote on
virgil wrote on
Bob wrote on
Fred wrote on
hippiejake wrote on
Sammy wrote on
Sammy wrote on
Dan wrote on
blah wrote on
Nik B. wrote on
InvadedPrivacy wrote on
Johnny Wishbone wrote on
Paul wrote on
Pete wrote on
dbmuse wrote on
Eric Stafford wrote on
Vivek T. Mahadik wrote on
Insano wrote on
anonymous coward wrote on
Chris wrote on
Tim wrote on
PC.Tech wrote on
chase wrote on
Dewi Morgan wrote on
Dewi Morgan wrote on
Chevy wrote on
luminositee wrote on
freedom defence wrote on
windoz wrote on
komba wrote on
Chainsaw wrote on
Daniel Veditz wrote on
sikiş wrote on
Ahmad Barirani wrote on
Greg wrote on