Firefox Foils Microsoft's Security Hole

By Erik Larkin, PCWorld Oct 17, 2009 4:58 PM

If you use Firefox, you may have already seen a pop-up from your browser alerting you that it is blocking the Microsoft .NET Framework Assistant and Windows Presentation Foundation add-ons. It's for good reason.

As of today, Mozilla's browser will automatically disable Microsoft's addon and plugin because of a gaping security hole that allows for drive-by-download attacks. The flaw lies in the Windows Presentation Foundation plug-in that is installed by the .NET add-on.

According to a Microsoft Security Research & Defense blog post, anyone who has applied the MS09-054 security patch (available via Windows Update) is safe from a potential attack against ths flaw, regardless of whether the attack comes via IE or the WPF plug-in. But since Microsoft automatically installed the add-on earlier this year without asking the user's permission, Redmond should be red-faced after this fiasco.

Would you recommend this story? YES NO

Comments

Lenovo IdeaPad

See why the IdeaPad tablet is optimized for ultimate entertainment.

Visit the Lenovo showcase.

Stellar Tech Deals

Don't miss out on great deals from around the web.

Subscribe to the Bargain Bulletin

Similar Articles:

Security Alert

Microsoft Ruining Valentine's Day with Nine Security Bulletins Microsoft shared its Patch Tuesday preview, revealing that there are nine security bulletins on the agenda for next week.
Hackers Ask 'Will You Be My Valentine?' With Valentine's Day around the corner, cyber criminals are ramping up spam, phishing, and other attacks targeting the lover's holiday.
'Do Not Track' Tool Promises Page Loads Up to Four Times Faster A running counter in this cross-platform browser add-on shows users how many tracking attempts have been blocked, and from which companies.
Google's New 'Bouncer' Targets Android Market Malware Last year saw a 40 percent drop in malicious app downloads, the company says.

Best Prices on Antivirus Software

Norton Antivirus 2012 (Full Product, 3 PCs) $21.99 and up See All Prices
AntiVirus Plus 2012 - Subscription Package - 1 PC $13.50 and up See All Prices
Anti-Virus 2012 (Full Product, 3 Users) $27.96 and up See All Prices
Antivirus with Spy Sweeper $17.00 and up See All Prices

See all Best Prices on Antivirus Software »

See also: Best Prices on Security Software, Firewalls

All PCWorld Blogs

Love and Romance in Game On Podcast #6 Valentine's Day is all about celebrating love and romance in our daily lives, but can you remember the last time you had a meaningful relationship in a video game? Join the PCWorld Editors as they take a light-hearted look at how games can help us learn to love again on this holiday edition of the PCWorld Game On Podcast.
Angry Birds Flocks to Facebook The popular mobile device game comes with new levels exclusive to Facebook, virtual prizes and the ability to send free gifts to your friends and compete for high scores.
Game Boy Runs Android: Best Hack Ever? The PSP Vita may be out next week, but who needs that when you can have a Game Boy running Android?
Hang Your Favorite Photos at a Virtual Museum Display your favorite digital photographs in famous settings with this fun mash-up project.

Subscribe to the Security & Privacy Newsletter - weekly

See All Newsletters »

12 Criteria for Selecting the Best ERP System Replacement An ERP system is your information backbone and reaches into all areas of your business and value chain. Replacing it can open unlimited business opportunities. This white paper explains the 12 criteria that allow you to identify and select the solution that will meet these expectations.
Leveraging Social Computing Technologies for ERP Applications This white paper details how Web 2.0 technologies support business strategies by improving efficiency, productivity, and collaboration.

Today's Special Offers

Editors' Picks

Name	City

Address 1	State	Zip

Address 2	E-mail (optional)