Mozilla and Microsoft tangle on Firefox plug-in security
Monday, October 19, 2009
Microsoft and Mozilla got their signals crossed last week over a Windows plug-in called .NET Framework Assistant included by Microsoft in the Firefox browser for activation of add-on programs. Mozilla is blocking one vulnerable Microsoft add-on and blocked then unblocked another.
On Friday, Mozilla blocked the .NET Framework Assistant add-on for Firefox 3.5, citing difficulties some users had entirely removing the add-on, "and because of the severity of the risk it represents if not disabled," according to Mike Shaver, Mozilla's vice president of engineering, on the Mozilla security blog.
Shaver said Mozilla contacted Microsoft "to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism," according to the blog post. But on Sunday, Mozilla was trying to unblock the add-on for .NET Framework Assistant, as Shaver said the add-on did not pose a security vulnerability.
"We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we've removed it from the blocklist," Shaver said in his blog.
But a separate vulnerability exists for a Microsoft add-on that Mozilla said needs blocking for Firefox users. The vulnerability exists in the Windows Presentation Foundation (WPF), which is included in the .NET Framework Service Pack 1. Shaver said via Twitter that the "WPF plugin is the vector for the XBAP vuln via Firefox."
Related News:
Nearly 3,000 smartcard phones infected - 3.19.2010
Nearly 3,000 memory cards in HTC Magic smartphones released by Vodafone were infected by malware before purchase, Vodafone Spain reported on Friday. The initial scare came last week when a researcher for Panda Security discovered the breach on her newly purhcased phone.
Google removes malware-spreading site from searches - 3.19.2010
Google announced on Friday that DealsDirect, Australia's largest discount estore, was temporarily blocked from direct access by users after the search engine detected malware on the site.
Facebook bigger threat to web security than Twitter - 3.19.2010
The amount of information available on a person's Facebook profile page makes the popular social networking site more dangerous than other popular competitors such as Twitter, according to AVG Technologies.
Web security professionals skeptical of national broadband - 3.18.2010
Leading web security experts believe that the recently released National Broadband Program is potentially a major risk to national web security. As more people move from dial-up and other slower forms of internet access, they will be exposed to malware and be unable to handle it.
Authorities call for increased URL regulation - 3.18.2010
In an effort to attack malware at the root of the problem, the Federal Bureau of Investigation and the UK's Serious Organised Crime Agency submitted a new list of recommendations to the Internet Corporation for Assigned Names and Numbers that would make it more difficult to register a domain on the web, according to IT World Canada.
|
