Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Microsoft

Submission + - Microsoft Plubin puts Firefox users at risk. (itworldcanada.com)

cbiltcliffe writes: The 'Windows Presentation Foundation' plugin that the .NET framework installs in Firefox is vulnerable to the same "browse-and-get-owned" situation that Internet Explorer is.

From the article:

"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."
According to annoyances.org: "This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC," said the hints and tips site. "Since this design flaw is one of the reasons [why] you may have originally chosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste."

Although Microsoft states that the MS09-054 update also patches this vulnerable component, so be sure to apply it to any machine(s) you maintain.

Slashdot Top Deals

Any given program will expand to fill available memory.

Working...