While not good in the eyes of Microsoft to Google to install a plug-in Internet Explorer, an increase of the surface potential attack surface, when Microsoft do it to Firefox, is a different matter. Now a security hole was found in a plugin that Microsoft has been quietly installed in Firefox.
Set. NET Framework 3.5 SP1, Microsoft has been quietly installing a plug-in Windows Presentation Foundation that allows the integration of applications XAML (XML-based UI technology) in web pages, called XBAP (XAML Web App).
The exploit is drive-by, meaning that the victim only needs to be lured onto a web-page for the attack to be effective. The only safe thing to do until a patch is issued, is to open Firefox’s AddOn Manager and disable the WPF plugin.

Microsoft were caught earlier this year silently installing a “.NET Framework Assistant” plugin into Firefox, which could not initially be uninstalled. After some pressure from the press, Microsoft relented and provided an update to enable the uninstall button. That update then broke a number of other Firefox extensions.

The only thing that surprises me more, is that I’m not surprised that Microsoft could be this incompetent when it comes to the safety of all users of the web using Windows, regardless if they’re using IE or not.

This entry was posted on October 17, 2009 at 11:26 am. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Posted in World News by Breaking News No Comments Yet