EmptyTimCup
10-19-2009, 04:11 PM
:whistle:
not to be content having its own ####ed up browser ... M$ has gone on the road with new show ....
Microsoft exposes Firefox users to drive-by malware downloads
Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.
Now, Microsoft’s security folks are actually recommending that Firefox users uninstall the buggy add-on:
For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.
This introduction of vulnerabilities in a competing browser is a colossal embarrassment for Microsoft. At the time of the surreptitious installs, there were prescient warnings from many in the community about the security implications of introducing new code into browsers without the knowledge — and consent — of end users.
not to be content having its own ####ed up browser ... M$ has gone on the road with new show ....
Microsoft exposes Firefox users to drive-by malware downloads
Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.
Now, Microsoft’s security folks are actually recommending that Firefox users uninstall the buggy add-on:
For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.
This introduction of vulnerabilities in a competing browser is a colossal embarrassment for Microsoft. At the time of the surreptitious installs, there were prescient warnings from many in the community about the security implications of introducing new code into browsers without the knowledge — and consent — of end users.