Avast WEBforum
Other => General Topics => Topic started by: FreewheelinFrank on October 16, 2009, 08:08:01 PM
-
Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.
The flaw was addressed in the MS09-054 bulletin that covered “critical” holes in Microsoft’s Internet Explorer but, as Redmond’s Security Research & Defense team explains, the drive-by download risk extends beyond Microsoft’s browser.
Now, Microsoft’s security folks are actually recommending that Firefox users uninstall the buggy add-on:
For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.
http://blogs.zdnet.com/security/?p=4614&tag=trunk;content
-
Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.
The flaw was addressed in the MS09-054 bulletin that covered “critical” holes in Microsoft’s Internet Explorer but, as Redmond’s Security Research & Defense team explains, the drive-by download risk extends beyond Microsoft’s browser.
Now, Microsoft’s security folks are actually recommending that Firefox users uninstall the buggy add-on:
For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.
http://blogs.zdnet.com/security/?p=4614&tag=trunk;content
You provide as much glee as having to go to a dentist for a root canal operation without a dental plan.
-
The only bright side to this is if you don't use Firefox, this doesn't affect you.
This does however bring up the point that add-ons regardless of whom they come from,
can be dangerous. :(
-
The only bright side to this is if you don't use Firefox, this doesn't affect you.
This does however bring up the point that add-ons regardless of whom they come from,
can be dangerous. :(
...not mentioning here that Internet Explorer doesn't need those add-ons, as it uses their native counterparts directly in Windows ;D ...being as much a source of vulnerabilities as their sister add-ons...for Firefox :) ...also, the MS add-ons were installed silently, like the worst spyware add-ons do when you get them elsewhere than here: https://addons.mozilla.org/en-US/firefox/ ...just this time, the culprit was Microsoft, attempting shamelessly to render Firefox as vulnerable as IE is and always was. I found these MS add-ons and plugins a while ago, and didn't wait for MS to broadcast anything before I removed them.
-
That's the problem we talked about a while ago in here
http://forum.avast.com/index.php?topic=45577.msg381862
I don't know why Microsoft does it with programs which are not "Microsoft Product"; personally I think (if we ignore the Microsoft name) it's suspicious behavior!
We install Firefox because we don't like Microsoft products, so why should we have it in there? It must change to an optional component.
-
exactly; Firefox was just meant to avoid all the vulnerabilities affecting Internet Explorer, and as far as I know the operation was successful. Add-ons can still be installed silently - from bad sites - so let's not forget that. And Microsoft's attempt to "infect" Firefox with .net stuff etc..., using the same technique as the "bad guys" do, is very regrettable.
I don't bash Windows nor Microsoft in a general way, but this "incident" was unacceptable.
edit: those MS plugins and add-ons would be of no use for most internet users, so even as an option wouldn't make sense.
-
@Logos: it seems at least I found one person here who has a mind like mine about computer software! ;D
Add-ons can still be installed silently - from bad sites - so let's not forget that.
Well, it has not happened to me, at least since I know it's not possible to install add-ons from the web without confirmation. But yeah, that's right: when you run a program (with administrator privileges on Vista/7) it can install add-ons without your confirmation, and it's a lack of security for the Mozilla company's product.
those MS plugins and add-ons would be of no use for most internet users, so even as an option wouldn't make sense.
Even if it is useful only for one person, it would not hurt to have it on the Mozilla Add-on sites to install on user request. Don't be cruel to Microsoft ;) ;D
-
it's actually two different techniques: on one side MS installing silently an FF add-on, bypassing (of course ;D ) UAC. Firefox cannot stop this, that's impossible, it's a browser, not a HIPS ;)
And on the other side bad sites doing the same silently too, but from the web. This was obviously more likely to happen when Firefox (until 2.0) didn't have anything to react against this like a warning dialog like now. It has happened to me ;D, with FF 1.5 or 2.0 I can't remember. I found out when watching my firewall and then the extension list. I complained about it on the MozillaZine forums, and they answered then that Firefox couldn't prevent this sort of attack, and that it didn't have to, that I was responsible for visiting a bad site. Funny how a couple of versions later they introduced the protection we know ;D
-
Just wondering if any one else had this happen.
I started Firefox and about 10 minutes later a message popped up, telling me,
Windows Presentation Foundation 3.5.30729.1 (Plugin)
Microsoft .NET Framework Assistant 1.1 (Extension)
Has been blocked because of stability and security, and for Firefox to be restarted. The wording was different but I can not remember fully, what it said.
So they are still there but have been blocked, disabled.
-
I don't use Firefox.
-
.NET Framework Assistant Blocked to Disarm Security Vulnerability (http://forum.avast.com/index.php?topic=49871.msg419838#new)
I probably won't get that message, Pete. I uninstalled Microsoft .NET Framework Assistant quite a while back using instructions in the MS knowledge base. I noticed the Windows Presentation Foundation one time when I was reviewing the list of plugins Firefox was using. I disabled it immediately.
I'm glad to hear Firefox has taken the initiative to block those two problematic add-ons.
-
I don't use Firefox.
Cheers YoKenny :)
.NET Framework Assistant Blocked to Disarm Security Vulnerability (http://forum.avast.com/index.php?topic=49871.msg419838#new)
I probably won't get that message, Pete. I uninstalled Microsoft .NET Framework Assistant quite a while back using instructions in the MS knowledge base. I noticed the Windows Presentation Foundation one time when I was reviewing the list of plugins Firefox was using. I disabled it immediately.
I'm glad to hear Firefox has taken the initiative to block those two problematic add-ons.
Thanks Alan :)
Yes it clears it up for me now, I was just curious.
-
Dear Forum,
Thank you all for the information. I have disabled both.
Extensions: 'Microsoft .NET Framework Assistant 1.1'
Plugins: 'Windows Presentation Foundation 3.5.30729'
I have three questions:
1. Is my computer now secure with these options disabled, but not uninstalled?
2. What do these objects actually do?
3. Is my Firefox 3.5.3 functionality now greatly impaired?
Thanks in advance,
Avastfan1
-
it's not about your computer's overall security (might have other flaws than this ;) ) it's about the rest of your system being safe from flaws coming from MS extensions in Firefox. The answer is: yes, normally, yes. With IE there's no fix ;D ...except not using it.
-
Thank you for the reply. I am unfortunately a little confused though.
What do these objects actually do? - Normally?!?!?!?
Is FF 3.5.3's functionality greatly impaired? - Yes - How?!?!??!
If you could kindly provide some more information, that would be much appreciated.
Thanks!!
Avastfan1
-
Also,
I don't have the:
Windows Presentation Foundation 3.5.30729.1 (Plugin)
Microsoft .NET Framework Assistant 1.1 (Extension)
In Firefox, but I do have these:
Microsoft DRM Netscape Network object (plugin)
Microsoft DRM store Netscape plugin
Should these be disabled too?
RoRo
-
don't know how you managed to get these ;D yes of course they should be disabled.
-
Are you sure?
I have them as well.......
-
well unless you're a DRM worshiper ;)
-
Also,
I don't have the:
Windows Presentation Foundation 3.5.30729.1 (Plugin)
Microsoft .NET Framework Assistant 1.1 (Extension)
if you don't have them, it means you have not installed .Net Framework +3, don't worry, it's okay, just for some new programs you may get a warning that they need it to run.
In Firefox, but I do have these:
Microsoft DRM Netscape Network object (plugin)
Microsoft DRM store Netscape plugin
Should these be disabled too?
if you buy songs from a location which needs these (or use something else which needs it), no, don't disable, but if not, you can disable them and re-enable them when you need them.
-
Thank you,
I don't purchase songs on line so I will disable them.
RoRo
-
Sorry for the repost, just that I am still a little uncertain.
1. What do these extensions and plugins actually do?
2. Is my computer (and Firefox) secure now that I have disabled:
Extensions: 'Microsoft .NET Framework Assistant 1.1'
Plugins: 'Windows Presentation Foundation 3.5.30729'
but not disabled:
Plugin: Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Plugin: Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?
3. Should I disable or uninstall the above?
4. If I did disable or uninstall them, what would the effect be on my system?
Thanks!
Avastfan1
-
Sorry for the repost, just that I am still a little uncertain.
it's ok, no problem ;)
1. What do these extensions and plugins actually do?
.Net Framework plugin allows you to run programs directly from Web/Internet
WPF: http://en.wikipedia.org/wiki/Windows_Presentation_Foundation
2. Is my computer (and Firefox) secure now that I have disabled:
Extensions: 'Microsoft .NET Framework Assistant 1.1'
Plugins: 'Windows Presentation Foundation 3.5.30729'
Yes, Disable is enough, maybe one day you need them, so you can easily enable them, use them and then again disable it ;)
but not disabled:
Plugin: Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Plugin: Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?
3. Should I disable or uninstall the above?
Yes, you can "Disable" them.
4. If I did disable or uninstall them, what would the effect be on my system?
You would "Prevent" running some application from "Web" into your computer when you are visiting unknown sites using that browser which has those Plugin/addons installed, usually all those applications are dangerous applications, so it's safer if we use none of those online applications. Almost every good program is available to download manually and scan via antivirus/spyware and then run inside computer, not using those plugins and online in browser.
Thanks!
you're welcome, I hope none of my advice is wrong.
-
Good questions, Avastfan1. Omid Farhang is giving you good advice on all four items.
but not disabled:
Plugin: Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Plugin: Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?
3. Should I disable or uninstall the above?
Yes, you can "Disable" them.
You don't need to disable them to make Firefox more secure, but there's no need to leave them enabled if they're not being used.
4. If I did disable or uninstall them, what would the effect be on my system?
You would "Prevent" running some application from "Web" into your computer when you are visiting unknown sites using that browser which has those Plugin/addons installed, usually all those applications are dangerous applications, so it's safer if we use none of those online applications. Almost every good program is available to download manually and scan via antivirus/spyware and then run inside computer, not using those plugins and online in browser.
I agree. Disabling 'Microsoft .NET Framework Assistant 1.1' and 'Windows Presentation Foundation 3.5.30729' will make Firefox more secure. That's why Mozilla started doing that automatically twelve hours ago.
-
Dear Omid and Alan,
I thank you both very much for sharing your expertise and advice. It really is very much appreciated.
Enjoy the rest of the weekend!
Best wishes,
Avastfan1
-
You're welcome. Enjoy your weekend too!
-
Dear Omid and Alan,
I thank you both very much for sharing your expertise and advice. It really is very much appreciated.
Enjoy the rest of the weekend!
Best wishes,
Avastfan1
you're welcome
have fun!
-
Update: Mozilla took a move on this issue.
Mozilla Disables Microsoft's Insecure Firefox Add-on (http://voices.washingtonpost.com/securityfix/2009/10/mozilla_disables_microsofts_in.html)
-
Reads like a tempest in a teapot to me.
-
Of course, for IE users, it shouldn't be a problem.
To be honest, as a user of Firefox, it's quite shocking since this kind of vulnerability is tough to be recognized by the users. I linked Secunia's vulnerability reports at times but the info is pretty useless for this type of vulnerability. Also, some of us use browsers other than IE since IE is too tied to the OS. However, this kind of recognition is proven wrong when the OS "introduces" the same vulnerability with IE like in this case.
I leave it to the readers whether they take this as yet another anti-MS message or not (to be honest, I'm rather tired of "political" discussions simply because of their repetitive nature) but, practically, as users, we have to deal with the outcome of any kind of vulnerability issues to protect our "assets", no matter how it managed to come into our systems.
-
This is really pissing me off now.
How can I re-enable this extension so I can then run the M$ uninstall fix?
I have decided to uninstall this extension (Microsoft .NET Framework Assistant 1.1). Yet the Micro$oft fix for the uninstall requires it to be enabled.
When I go to tools - Add-ons it is now listed as:
'Disabled for your own protection'.
The options and enable button are now greyed-out. Ironically only the uninstall button is able to be clicked.
However when I try and 'uninstall' it, Firefox restarts. Then when it reloads, it is still there! With the option to restart Firefox again.
-
This is really pissing me off now.
How can I re-enable this extension so I can then run the M$ uninstall fix?
I have decided to uninstall this extension (Microsoft .NET Framework Assistant 1.1). Yet the Micro$oft fix for the uninstall requires it to be enabled.
When I go to tools - Add-ons it is now listed as:
'Disabled for your own protection'.
The options and enable button are now greyed-out. Ironically only the uninstall button is able to be clicked.
However when I try and 'uninstall' it, Firefox restarts. Then when it reloads, it is still there! With the option to restart Firefox again.
Guess Mozilla's action of listing the plugin in the Firefox plugin blocklist ironically made it impossible for you to uninstall it. Since it's disabled by blocklist, I think your Firefox is safe against the vulnerability but, if you don't like it, how about giving a try to the manual removal methods?
Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension (http://www.annoyances.org/exec/show/article08-600)
How to remove the .NET Framework Assistant for Firefox (http://support.microsoft.com/kb/963707)
-
Thanks Rumple.
How do I know which of these two files to download?
http://www.microsoft.com/downloads/details.aspx?FamilyID=cecc62dc-96a7-4657-af91-6383ba034eab&displaylang=en#filelist
Typical Microcrap - no user-friendly explanation! ;)
Thanks!
-
Update:
Whoa! I just tried to click the uninstall button again in 'add-ons' and it worked!
It restarted and now Microsoft .NET Framework Assistant 1.1 is no longer on the list!
1. How can I be 100% sure it was correctly uninstalled?
2. Can I uninstall these plugins?
Windows Presentation Foundation 3.5.30729
Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?
THANK YOU FOR YOUR PATIENCE! :)
-
Update:
Whoa! I just tried to click the uninstall button again in 'add-ons' and it worked!
It restarted and now Microsoft .NET Framework Assistant 1.1 is no longer on the list!
I guess you managed to remove it with the removal tool, then.
1. How can I be 100% sure it was correctly uninstalled?
I'm not sure but I would... 1. Check if it is not listed by typing "about:plugins" in the url window of FF. 2. Check your registry for the entry in the MS site I linked above (http://support.microsoft.com/kb/963707), which should be different depending on your system. 3. Check your folder "%SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\."
2. Can I uninstall these plugins?
Windows Presentation Foundation 3.5.30729
Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?
THANK YOU FOR YOUR PATIENCE! :)
Again, I'm sorry to say that I'm not sure about this. I guess it's enough to disable it as other forum members suggested, which is what I did on my systems.
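The folder and registry checks suggested in the reply above can be scripted. The following is an added example, not part of the original thread or of Microsoft's KB article: a read-only PowerShell audit that uses the folder path quoted in the post and assumes the `Mozilla\Firefox\Extensions` registry keys (machine-wide and per-user) as the place where installers register Firefox extensions; the function names are hypothetical.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
# Folder named in the post above (where the Assistant extension files live).
$relative     = 'Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension'
$AssistantDir = Join-Path $env:SystemDrive $relative

# Assumption (not from the thread): registry keys under which Firefox picks up
# extensions registered by installers, machine-wide and per-user.
$ExtensionKeys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
    'HKCU:\Software\Mozilla\Firefox\Extensions'
)

function Get-RegisteredFirefoxExtension {
    # One object per registry value: value name = extension ID, value data = folder path.
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent: nothing registered here
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            [pscustomobject]@{
                Key         = $key
                ExtensionId = $name
                Path        = [string]$regKey.GetValue($name)
            }
        }
    }
}

function Test-AssistantLeftover {
    # Reports whether the folder still exists and which registry entries still point into it.
    param([string]$Directory, [string[]]$KeyPath)
    $prefix  = $Directory.TrimEnd('\')
    $entries = @(Get-RegisteredFirefoxExtension -KeyPath $KeyPath | Where-Object {
        $_.Path.TrimEnd('\').StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)
    })
    $folderExists = Test-Path -LiteralPath $Directory
    [pscustomobject]@{
        FolderExists    = $folderExists
        RegistryEntries = $entries
        Clean           = (-not $folderExists) -and ($entries.Count -eq 0)
    }
}

# Everything registered outside the Add-ons dialog, so silently added entries are visible.
Get-RegisteredFirefoxExtension -KeyPath $ExtensionKeys | Format-Table -AutoSize

$result = Test-AssistantLeftover -Directory $AssistantDir -KeyPath $ExtensionKeys
"Folder still present : $($result.FolderExists)  ($AssistantDir)"
"Registry entries left: $($result.RegistryEntries.Count)"
$result.RegistryEntries | ForEach-Object { "  $($_.Key) -> $($_.ExtensionId) = $($_.Path)" }
if ($result.Clean) { 'No leftover of the Assistant extension found.' }
else               { 'Leftovers found; compare with the removal steps in KB963707.' }
```

The about:plugins check from the same reply still has to be done in the browser itself.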
-
2. Can I uninstall these plugins?
Windows Presentation Foundation 3.5.30729
Microsoft DRM 9.0.0.4503 - DRM Netscape Network Object
Microsoft DRM 9.0.0.4503 - DRM Store Netscape Plugin?
Since they are files in your Microsoft software installations, I don't recommend attempting it. It might cause problems with other programs that are dependent on them. Fortunately, it's not necessary. Just click the Disable button for each of the two DRM plugins through Tools > Add-ons > Plugins. You can do the same for the Windows Presentation Foundation plugin if Firefox hasn't already done that automatically.
-
Hi Firefox users,
Here you can find the Firefox add-on blocklist, and why they were blocked (issues, bugs, exploits):
https://www.mozilla.com/en-US/blocklist/
Strange when MS starts to silently install (and later has to revoke) and Mozilla starts to dictate what to block, well then some start to feel a little uncomfortable, but to block insecure extensions/add-ons can be advisable,
polonus
-
At this point, it's very simple. If you uninstalled it using the MS tool, it's gone.
If you didn't, it's already been blocked by Mozilla and therefore also can't do any harm.
End of story as far as I'm concerned.
-
At this point, it's very simple. If you uninstalled it using the MS tool, it's gone.
If you didn't, it's already been blocked by Mozilla and therefore also can't do any harm.
End of story as far as I'm concerned.
That would be my point as well, bob3160.
-
update: .NET Framework Assistant (ClickOnce support) unblocked
We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we’ve removed it from the blocklist. As the blocklist update propagates to clients, the add-on should be re-enabled for users who had it previously enabled.
http://shaver.off.net/diary/2009/10/18/update-net-framework-assistant-clickonce-support-unblocked
-
update: .NET Framework Assistant (ClickOnce support) unblocked
We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we’ve removed it from the blocklist. As the blocklist update propagates to clients, the add-on should be re-enabled for users who had it previously enabled.
http://shaver.off.net/diary/2009/10/18/update-net-framework-assistant-clickonce-support-unblocked
O.K. I searched the net a bit. According to an update of Microsoft Security team's blog (http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx)
Updated October 16, 2009 - updated blog post to clarify that Firefox users are protected from CVE-2009-2529 if they install the MS09-054 update.
MS09-054 was already given through the security update.
The update comment seems to have been there since 16th of October. So, there must be a certain level of delay after the comment was published on the blog site. So, I guess we, Mozilla, too, were a bit outdated as far as the information was concerned although it is also true that FF users had been open to the threat as well as IE users especially since the BlackHat conference in July.