Firefox Foils Microsoft's Security Hole

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

If you use Firefox, you may have already seen a pop-up from your browser alerting you that it is blocking the Microsoft .NET Framework Assistant and Windows Presentation Foundation add-ons. It's for good reason.

As of today, Mozilla's browser will automatically disable Microsoft's addon and plugin because of a gaping security hole that allows for drive-by-download attacks. The flaw lies in the Windows Presentation Foundation plug-in that is installed by the .NET add-on.

According to a Microsoft Security Research & Defense blog post, anyone who has applied the MS09-054 security patch (available via Windows Update) is safe from a potential attack against ths flaw, regardless of whether the attack comes via IE or the WPF plug-in. But since Microsoft automatically installed the add-on earlier this year without asking the user's permission, Redmond should be red-faced after this fiasco.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
  
Shop Tech Products at Amazon