Mozilla announced that the recent update of the .NET Framework Assistant, delivered during the recent automatic update, had a serious security vulnerability, and Microsoft is recommending that all users disable the add-on.

The popup announcing this said that the ‘following addons have been known to cause stability or security issues with Firefox and hence will be disabled.’ Thanks, Mozilla team, for hitting the kill switch and hopefully this will get Microsoft to release a patch sooner. Mozilla explains on its security blog that they have gotten in touch with Microsoft. In the meantime, the Firefox team has put the blocklist entry live immediately. (Some users are already seeing it disabled, less than an hour after the Mozilla team added it to the blocklist!)
How does this attack work? “All that is needed is for a user to be lured to a malicious website,” Microsoft said. Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application).
Microsoft says the flaw is a bad one, but users who have installed the MS09-054 IE update, released Tuesday, are protected from this attack “regardless of the attack vector.”
To protect users who may not have installed Microsoft’s patch, Mozilla is automatically blocking two add-ons: the Microsoft .NET Framework Assistant and a related plugin called the Windows Presentation Foundation.
