Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Microsoft

Submission + - Microsoft Plubin puts Firefox users at risk. (itworldcanada.com)

cbiltcliffe writes: The 'Windows Presentation Foundation' plugin that the .NET framework installs in Firefox is vulnerable to the same "browse-and-get-owned" situation that Internet Explorer is.

From the article:

"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."
According to annoyances.org: "This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC," said the hints and tips site. "Since this design flaw is one of the reasons [why] you may have originally chosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste."

Although Microsoft states that the MS09-054 update also patches this vulnerable component, so be sure to apply it to any machine(s) you maintain.

Slashdot Top Deals

The most difficult thing in the world is to know how to do a thing and to watch someone else doing it wrong, without commenting. -- T.H. White

Working...