Submission + - Microsoft Plubin puts Firefox users at risk. (itworldcanada.com)
cbiltcliffe writes: The 'Windows Presentation Foundation' plugin that the .NET framework installs in Firefox is vulnerable to the same "browse-and-get-owned" situation that Internet Explorer is.
From the article:
"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."
According to annoyances.org: "This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC," said the hints and tips site. "Since this design flaw is one of the reasons [why] you may have originally chosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste."
Although Microsoft states that the MS09-054 update also patches this vulnerable component, so be sure to apply it to any machine(s) you maintain.
From the article:
"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that
According to annoyances.org: "This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC," said the hints and tips site. "Since this design flaw is one of the reasons [why] you may have originally chosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste."
Although Microsoft states that the MS09-054 update also patches this vulnerable component, so be sure to apply it to any machine(s) you maintain.
