Microsoft exposes Firefox users to drive-by malware downloads

[FreewheelinFrank]

Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?

Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.

The flaw was addressed in the MS09-054 bulletin that covered “critical” holes in Microsoft’s Internet Explorer but, as Redmond’s Security Research & Defense team explains, the drive-by download risk extends beyond Microsoft’s browser.

Now, Microsoft’s security folks are actually recommending that Firefox users uninstall the buggy add-on:

For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.

http://blogs.zdnet.com/security/?p=4614&tag=trunk;content

[YoKenny]

Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?

Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.

The flaw was addressed in the MS09-054 bulletin that covered “critical” holes in Microsoft’s Internet Explorer but, as Redmond’s Security Research & Defense team explains, the drive-by download risk extends beyond Microsoft’s browser.

Now, Microsoft’s security folks are actually recommending that Firefox users uninstall the buggy add-on:

For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.

http://blogs.zdnet.com/security/?p=4614&tag=trunk;content

You provide as much glee as having to go to a dentist for a root canal operation without a dental plan.

[bob3160]

The only bright side to this is if you don't use Firefox, this doesn't effect you.

This does however bring up the point that add-ons regardless of whom they come from,
can be dangerous. 

[Hermite15]

The only bright side to this is if you don't use Firefox, this doesn't effect you.

This does however bring up the point that add-ons regardless of whom they come from,
can be dangerous.  

...not mentioning here that Internet Explorer doesn't need those add-ons, as it uses their native counterparts directly in Windows   ...being as much  a source of vulnerabilities as their sisters add-ons...for Firefox   ...also, the MS add-ons were installed silently, like the worse spyware add-ons do when you get them else where than here: https://addons.mozilla.org/en-US/firefox/ ...just this time, the culprit was Microsoft, attempting shamelessly to render Firefox as vulnerable as IE is and always was. I have found these MS ad-ons and plugins a while ago, and didn't wait for MS to broadcast anything before I removed them.

[Omid Farhang]

that's the problem we talked about it a while ago in here

http://forum.avast.com/index.php?topic=45577.msg381862

I don't know why Microsoft do it with the programs which is not "Microsoft Product", personally I think (if we ignore Microsoft name) it's a suspicion behavior!
we install Firefox because we don't like Microsoft product, so why we should have it in there? it must change to an optional component.

[Hermite15]

exactly; Firefox was just meant to avoid all the vulnerabilities affecting Internet Explorer, and as far as I know the operation was successful. Add-ons can still be installed silently - from bad sites - so let's not forget that. And Microsoft attempt to "infect" Firefox with .net stuff etc..., using the same technique as the "bad guys" do, is very regrettable.
 I don't bash Windows nor Microsoft in a general way, but this "incident " was unacceptable.

edit: those MS plugins and add-ons would be of no use for most internet users, so even as an option wouldn't make sense.

[Omid Farhang]

@Logos: it seems at least I found one person here who has a mind like mine about computer software! 

Add-ons can still be installed silently - from bad sites - so let's not forget that.

well, it has not been happened for me, at least since I know it's not possible to install add-ons from web without confirm. but yeah, that's right when you run a program (as administrator privileged Vista/7) it can install add-ons without your confirm and it's lake of security for Mozilla company product.

those MS plugins and add-ons would be of no use for most internet users, so even as an option wouldn't make sense.

even if it be useful only for one person, it would not hurt to have it in Mozilla Add-on sites to install on user request. don't be cruel to Microsoft

[Hermite15]

it's actually two different techniques: on one side MS installing silently an FF add-on, bypassing (of course   ) UAC. Firefox cannot stop this, that's impossible, it's a browser, not a HIPS  
 And on the other side bad sites doing the same silently too, but from the web. This was obviously more likely to happen when Firefox (until 2.0) didn't have anything to react against this like a warning dialog like now. It has happened to me  , with FF 1.5 or 2.0 I can't remember. I found out when watching my firewall and then the extension list. I complained about it on Mozilazine forums, and they answered then that Firefox couldn't prevent these sort of attacks, and that it didn't have to, that I was responsible for visiting a bad site. Funny how a couple of versions later they introduced the protection we know  

[pete319]

Just wondering if any one else had this happen.

I started Firefox an about 10 minutes later a message popped up, telling me,
Windows Presentation Foundation 3.5.30729.1 (Plugin)
Microsoft. Net framework assistant 1.1           (Extention)
Has been blocked because of stability and security, and for Firefox to be restarted.  The wording was different but i can not remember fully, what it said.

So they are still there but have been blocked, Disabled .

[YoKenny]

I don't use Firefox.

[Alan Baxter]

.NET Framework Assistant Blocked to Disarm Security Vulnerability
I probably won't get that message, Pete.  I uninstalled Microsoft. Net framework assistant quite a while back using instructions in the MS knowledge base.  I noticed the Windows Presentation Foundation one time when I was reviewing the list of plugins Firefox was using.  I disabled it immediately.

I'm glad to hear Firefox has taken the initiative to block those two problematic add-ons.

[pete319]

I don't use Firefox.

Cheers YoKenny 

.NET Framework Assistant Blocked to Disarm Security Vulnerability
I probably won't get that message, Pete.  I uninstalled Microsoft. Net framework assistant quite a while back using instructions in the MS knowledge base.  I noticed the Windows Presentation Foundation one time when I was reviewing the list of plugins Firefox was using.  I disabled it immediately.

I'm glad to hear Firefox has taken the initiative to block those two problematic add-ons.

Thanks Alan
Yes it clears it up for me now, i was just curious.

[Avastfan1]

Dear Forum,

Thank you all for the information. I have disabled both.

Extensions: 'Microsoft .NET Framework Assistant 1.1'
Plugins: 'Windows Presentation Foundation 3.5.30729'

I have three questions:

1. Is my computer now secure with these options disabled, but not uninstalled?

2. What do these objects actually do?

3. Is my Firefox 3.5.3 functionality now greatly impaired?

Thanks in advance,

Avastfan1

[Hermite15]

it's not about your computer overall security (might have other flaws than this  ) it's about the rest of your system being safe from flaws coming from MS extensions in Firefox. The answer is: yes, normally, yes. With IE there's no fix  ...except not using it.

[Avastfan1]

Thank you for the reply. I am unfortunately a little confused though.

What do these objects actually do? - Normally?!?!?!?
Is FF 3.5.3's functionality greatly impaired? - Yes   - How?!?!??!

If you could kindly provide some more information, that would be much appreciated.

Thanks!!

Avastfan1