Saturday, October 17, 2009

Pingie: HTTP:: Mozilla Blacklists Microsoft 039 s Vulnerable Plug in for Firefox

HTTP:: Mozilla Blacklists Microsoft 039 s Vulnerable Plug in for Firefox
--------
Microsoft's recent Patch Tuesday addressed a remote code execution vulnerability affecting the Windows Presentation Foundation (WPF) hosting process. Mozilla acted to protect its users by adding the Windows Presentation Foundation plug-in for Firefox to its blocklist, along with the .NET Framework Assistant extension. With Service Pack 1 update for Microsoft .NET Framework 3.5, released back in August 2008, Microsoft also added ClickOnce support for Firefox in the form of a Firefox extension called Microsoft .NET Framework Assistant. A related Windows Presentation Foundation plug-in has also been installed in the browser to support other .NET Framework features. These two add-ons were installed surreptitiously at machine level, without the user's consent, an action that at the time enraged many security-conscious Firefox users. This method of deployment also caused the Uninstall button for the .NET Framework Assistant extension to be grayed out, a problem that Microsoft l!
ater fixed. A remote code execution vulnerability discovered and presented at the Black Hat security conference by Mark Dowd, Ryan Smith, and David Dewey has been addressed as part of the MS09-054 security bulletin released on October 13. This bug can be exploited by tricking users into visiting a page that loads a m...
--------
http://news.softpedia.com/news/Firefox-Blacklists-Microsoft-039-s-Vulnerable-Plug-in-124597.shtml
--------
This e-mail was sent by Experiment23 Inc., located in New York, NY
10163. To not receive further e-mails, please visit
http://help.pingie.com

No comments:

Post a Comment