Sneaky Microsoft Add-On Put Firefox Users At Risk

CWmike writes to mention that the "Windows Presentation Foundation" plugin that Microsoft slipped into Firefox last February apparently left the popular browser open to attack. This was among the many things recently addressed in the massive Tuesday patch. "What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox. The usual 'Disable' and 'Uninstall' buttons in Firefox's add-on list were grayed out on all versions of Windows except Windows 7, leaving most users no alternative other than to root through the Windows registry, a potentially dangerous chore, since a misstep could cripple the PC. Several sites posted complicated directions on how to scrub the .NET add-on from Firefox, including Annoyances.org."

except Windows 7

[nurb432]

Best upgrade then ya lusers!.. Here is an online form to order your shiny new pc with Windows 7..

Re:Sabotage?

[Captain Spam]

Not really, not when it's due to a plugin they themselves installed and have their name all over. I mean, you don't consider Flash vulnerabilities to be the fault of IE or Firefox, do you? If anything (and that's a big "if" in this case), it'll be a black eye for Microsoft.

Nah, if you're going the paranoid route, it'd have been a better idea if they made this plugin under the guise of a shell company or something, then when the vulnerabilities hit the fan, have the shell complain about how "hard" it is to make a secure plugin for the "obviously inferior" Firefox, then have Microsoft suddenly pipe up about how much more secure the .NET plugin is under IE. Bonus points if the shell claims to be open-source with their reimplementation of .NET so Microsoft can attempt to discredit open-source software, too!

But we're not THAT paranoid. Are we?

Re:"Cripple the PC"

[Anonymous Coward]

Exactly, and if anyone knows about crippled platforms, it's Apple.

Re:remember the important part

[jalefkowit]

That's what SHE said!

(sorry, couldn't resist)

Re:Sabotage?

[Ethanol-fueled]

It's not broken if it still works, even if it is a gaping security hole. [goatse.fr]

Re:Sabotage?

[SleazyRidr]

If your security is that bad, you should really consider switching to Linux.

Re:except Windows 7

[edwardsdl]

I don't understand the question.

Re:except Windows 7

[PopeRatzo]

I don't understand the question.

That's OK, neither did he.

Re:Sabotage?

[PopeRatzo]

For instance most people see the CIA as a bunch of bad asses with cell phone watches that project holograms of your dossier into thin air while sending you messages via ESP.

That's how those bastards did me, too!

Re:Sabotage?

[PopeRatzo]

Who gave Glenn Beck a webcam?

Re:Sabotage?

[PopeRatzo]

I'm the one who found and reported one of the vulnerabilities (CVE-2009-0090 [microsoft.com]) in this batch that affects Firefox, and I strongly doubt that it was in any way intentional...remember that IE is hit much worse

You're spoiling everyone's fun, you know that?

Re:Registry Danger!

[PopeRatzo]

turns out having a particular antivirus installed (mcaffee if I recall)

There's your problem, right there.

Re:Sabotage?

[shutdown -p now]

Ah, but you're missing the golden opportunity that I may be specifically sent here on /. to spread lies and FUD on the subject! ~

Re:except Windows 7

[Anonymous Coward]

Since Ubuntu is the best Linux has to offer, the other distributions must be absolute shit.

Re:Sabotage?

[JimboFBX]

Nah, the instructions are missing a reference to an obscure library somewhere that the user was some how already supposed to have with no link as to where to download it.

Re:Sabotage?

[Hognoxious]

I was designing an Algol-60 compiler targetting .NET

You too? Small world or what?