Microsoft exposes Firefox users to drive-by malware downloads

[Avastfan1]

This is really pissing me off now.

How can I re-enable this extension so I can then run the M$ uninstall fix?

I have decided to uninstall this extension (Microsoft. Net framework assistant 1.1). Yet the Micro$oft fix for the uninstall requires it to be enabled.

When I go to tools - Add-ons it is now listed as:

'Disabled for your own protection'.

The options and enable button are now greyed-out. Ironically only the uninstall button is able to be clicked.

However when I try and 'uninstall' it, Firefox restarts. Then when it reloads, it is still there! With the option to restart Firefox again.

[Sesame]

This is really pissing me off now.

How can I re-enable this extension so I can then run the M$ uninstall fix?

I have decided to uninstall this extension (Microsoft. Net framework assistant 1.1). Yet the Micro$oft fix for the uninstall requires it to be enabled.

When I go to tools - Add-ons it is now listed as:

'Disabled for your own protection'.

The options and enable button are now greyed-out. Ironically only the uninstall button is able to be clicked.

However when I try and 'uninstall' it, Firefox restarts. Then when it reloads, it is still there! With the option to restart Firefox again.

Guess Mozilla's action in of listing the plugin in the Firefox plugin blocklist ironically made you impossible to uninstall it.  Since it's disabled by blocklist, I think your Firefox is safe against the vulnerability but, if you don't like it, how about giving a try to the manual removal methods?

Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension
How to remove the .NET Framework Assistant for Firefox

[Avastfan1]

Thanks Rumple.

How do I know which of these two files to download?

http://www.microsoft.com/downloads/details.aspx?FamilyID=cecc62dc-96a7-4657-af91-6383ba034eab&displaylang=en#filelist

Typical Microcrap - no user-friendly explanation!

Thanks!

[Avastfan1]

Update:

Whoa! I just tried to click the uninstall button again in 'add-ons' and it worked!

It restarted and now Microsoft. Net framework assistant 1.1 is no longer on the list!

1. How can I be 100% sure it was correctly uninstalled?

2. Can I uninstall these plugins?

Windows Presentation Foundation 3.5.30729
Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?

THANK YOU FOR YOUR PATIENCE!

[Sesame]

Update:

Whoa! I just tried to click the uninstall button again in 'add-ons' and it worked!

It restarted and now Microsoft. Net framework assistant 1.1 is no longer on the list!

I guess you managed to remove it with the removal tool, then.

1. How can I be 100% sure it was correctly uninstalled?

I'm not sure but I would...  1. Check if it is not listed by typing "about:plugins" in the url window of FF.  2. Check your registry for the entry in the MS site I linked above, which should be different depending on your system.  3. Check your folder "%SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\."

2. Can I uninstall these plugins?

Windows Presentation Foundation 3.5.30729
Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?

THANK YOU FOR YOUR PATIENCE!

Again, I'm sorry to say that I'm not sure about this.  I guess it's enough to disable it as other forum members suggested, which is what I did on my systems.

[Alan Baxter]

2. Can I uninstall these plugins?

Windows Presentation Foundation 3.5.30729
Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?

Since they are files in your Microsoft software installations, I don't recommend attempting it.  It might cause problems with other programs that are dependent on them.  Fortunately, it's not necessary.  Just click the Disable button for each of the two drm plugins through Tools > Add-ons > Plugins.  You can do the same for the Windows Presentation Foundation plugin if Firefox hasn't already done that automatically.

[polonus]

Hi Firefox users,

Here you can find the Firefox add-on blocklist, and why they were blocked (issues, bugs, exploits):
https://www.mozilla.com/en-US/blocklist/

Strange when MS starts to silently install (and later has to revoke) and Mozilla starts to dictate what to block, well then some  start to feel a little uncomfortable, but to block insecure extensions/add-ons can be advisable,

polonus

[bob3160]

At this point, it's very simple. If you uninstalled it using the MS tool, it's gone.
If you didn't, it's already been blocked by Mozilla and therefore also can't do any harm.
End of story as far as I'm concerned.

[Sesame]

At this point, it's very simple. If you uninstalled it using the MS tool, it's gone.
If you didn't, it's already been blocked by Mozilla and therefore also can't do any harm.
End of story as far as I'm concerned.

That would be my point as well, bob3160.

[YoKenny]

update: .NET Framework Assistant (ClickOnce support) unblocked

We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we’ve removed it from the blocklist. As the blocklist update propagates to clients, the add-on should be re-enabled for users who had it previously enabled.

http://shaver.off.net/diary/2009/10/18/update-net-framework-assistant-clickonce-support-unblocked

[Sesame]

update: .NET Framework Assistant (ClickOnce support) unblocked

We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we’ve removed it from the blocklist. As the blocklist update propagates to clients, the add-on should be re-enabled for users who had it previously enabled.

http://shaver.off.net/diary/2009/10/18/update-net-framework-assistant-clickonce-support-unblocked

O.K.  I searched the net a bit.  According to an update of Microsoft Security team's blog

Updated October 16, 2009 - updated blog post to clarify that Firefox users are protected from CVE-2009-2529 if they install the MS09-054 update.

MS09-054 was already given through the security update.

The update comment seem to have been there since 16th of October.  So, therte must be a certain level of delay after the comment was published on the blog site.  So, I guess we, Mozilla, too, were bit outdated as long as the information was concerned although it is also true that FF users had been open to the threat as well as IE users especially since the BlackHat conference in July.