Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Microsoft

Submission + - Microsoft Plubin puts Firefox users at risk. (itworldcanada.com)

cbiltcliffe writes: The 'Windows Presentation Foundation' plugin that the .NET framework installs in Firefox is vulnerable to the same "browse-and-get-owned" situation that Internet Explorer is.

From the article:

"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."
According to annoyances.org: "This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC," said the hints and tips site. "Since this design flaw is one of the reasons [why] you may have originally chosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste."

Although Microsoft states that the MS09-054 update also patches this vulnerable component, so be sure to apply it to any machine(s) you maintain.

Slashdot Top Deals

In every hierarchy the cream rises until it sours. -- Dr. Laurence J. Peter

Working...