Microsoft plug-in for Firefox patched


Hidden in the record-breaking batch of security bulletins released by Microsoft earlier this week was one that addressed a vulnerability not in Microsoft's own product, but that of the rival Firefox browser from Mozilla. To put it bluntly, the critical bug that opened Firefox users to a critical risk is the result of Microsoft quietly pushing out an update via Windows Update eight months back.

The affected component would be the "Windows Presentation Foundation plug-in in Firefox" which typically comes via the .NET Framework 3.5 SP1. The problem is that this plug-in can be installed without the user's approval, according to Susan Bradley, a contributor to the Windows Secrets newsletter.

The danger is real, and Firefox users with the vulnerable plug-in only need to visit a rigged site to get compromised.

In addition, reports indicate that the original version of the plug-in was next to impossible to remove. This is because the "Uninstall" and "Disable" buttons for this particular plug-in are disabled by default, and removing them is complicated. The inability to easily uninstall it was later rectified in a May update.

While the latest update should resolve the issue, I would personally advocate removing the plug-in from computers you own or manage. Do a quick check of your Firefox; do you have this plug-in installed?

For more on this story:
- check out this article at Computerworld

Related Articles:
Is it only a myth that Firefox is more secure?
Mozilla plugs 13 holes in Firefox
Mega Patch Tuesday coming next week