| Page 1 of 1 |
|
|
 Posted: Sun, 31st May 2009 23:38 Post subject: Microsoft Sabotaging Firefox With Sneaky .NET Updates? |
|
 |
http://startupearth.com/2009/05/31/microsoft-sabotaging-firefox-with-sneaky-net-updates/
| Quote: |
Sabotage may be a strong choice of word, but it immediately came to mind with the news of Microsoft’s latest .NET update.
The Microsoft .NET Framework 3.5 Service Pack 1, unleashed in February, forces an undisclosed Firefox extension on Windows users, called “Microsoft .NET Framework Assistant 1.0″, and it does so without asking the users permission.
To add insult to injury, the extension not only injects a serious security vulnerability into Firefox (also present in Internet Explorer), but it disables the uninstall button, meaning the only way to get rid of it, is to edit the Windows registry - a course of action not recommended for your usual non-tech-savvy user, as dabbling in the dark arts of registry editing can open you up to a slew of problems, and potentially kill Windows altogether.
A report by annoyances.org ominously states..
| Quote: | | “This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.” |
The official purpose of the add-on is to add ‘One-Click’ support and the ability to report installed .NET framework versions to the web server, but it also allows websites to install software on a users PC without their knowledge. This is a very serious security flaw that effectively turns Firefox into an open gateway for malware, much like Microsoft’s own web browser, Internet Explorer.
At best, one could call this stealth install a serious conflict of interest between competing browsers - at worst, it’s out-and-out sabotage, not only of a user’s PC, but of Firefox itself, which has gained a reputation for stability and security, much to the chagrin of Microsoft.
In forcing this add-on down the throats of faithful Firefox users, Microsoft have circumvented the more honest approach to installing Firefox extensions, via the offical Mozilla Add-ons page, betraying the trust of its users in the process.
Microsoft Internet Explorer currently enjoys a market share of 66% due only to it’s forced integration with the Windows operating system, but Firefox is rapidly gaining ground, currently at an estimated 22% and climbing. Being a competitor in the browser market, Microsoft have absolutely no business injecting stealth add-ons into Firefox, let alone blocking them from the uninstall process.
If you’ve been affected by this malicious update, you can follow the removal instructions provided by annoyances.org. |
http://startupearth.com/2009/05/31/microsoft-sabotaging-firefox-with-sneaky-net-updates/
Removal:
http://annoyances.org/exec/show/article08-600
The vulnerability is serious. Allows installation of anything on your computer, as well as loading any DLL on your computer. Thought you might wanna remove it 
|
|
| Back to top |
|
|
|
|
| Posted: Sun, 31st May 2009 23:43 Post subject: |
|
|
| Quote: |
To add insult to injury, the extension not only injects a serious security vulnerability into Firefox (also present in Internet Explorer), but it disables the uninstall button, meaning the only way to get rid of it, is to edit the Windows registry
|
Odd. I didn't even know I had this addon - but checking the Addons tab shows a fully functioning "uninstall" button - and it works too, without reg-editing.
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 1st Jun 2009 00:24 Post subject: |
|
|
Are you using latest stable Firefox ? 3.0.10 ?
Maybe MS changed the installation of this update at some point to NOT disable the uninstall option (later)
Later edit : Oh, yeah, you have 1.1, most of us have 1.0
Last edited by VGAdeadcafe on Mon, 1st Jun 2009 03:38; edited 1 time in total
|
|
| Back to top |
|
|
LeoNatan
☢ NFOHump Despot ☢
Posts: 73196
Location: Ramat Gan, Israel 🇮🇱
|
| Posted: Mon, 1st Jun 2009 00:32 Post subject: |
|
|
I've had this crap disabled since who knows when. Didn't know it was vulnerable, but didn't want it running with ffox anyway.
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 1st Jun 2009 00:38 Post subject: |
|
|
I didn't care that much because I'm a happy opera user, but I'm uninstalling it right now, after I realized, that I need the FF to play quake live 
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 1st Jun 2009 02:11 Post subject: |
|
|
| VGAdeadcafe wrote: | Are you using latest stable Firefox ? 3.0.10 ?
Maybe MS changed the installation of this update at some point to NOT disable the uninstall option (later) |
Aye, 3.0.10 bud. This update was released back in Feb, so yeah.. it stands a good chance that the "cannot uninstall" glitch/whatever was fixed in the meantime.
|
|
| Back to top |
|
|
Rinze
Site Admin
Posts: 2343
|
| Posted: Mon, 1st Jun 2009 03:02 Post subject: Re: Microsoft Sabotaging Firefox With Sneaky .NET Updates? |
|
|
| tainted4ever wrote: | | The vulnerability is serious. Allows installation of anything on your computer, as well as loading any DLL on your computer. |
PoC please
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 1st Jun 2009 03:13 Post subject: Re: Microsoft Sabotaging Firefox With Sneaky .NET Updates? |
|
|
| Rinze wrote: | | tainted4ever wrote: | | The vulnerability is serious. Allows installation of anything on your computer, as well as loading any DLL on your computer. |
PoC please |
You are running 1.1. The update involved is 1.0. I have 1.0 and the uninstall button is not selectable. Time to manually uninstall it! I hate microsoft!
RYZEN 5 2600|RADEON 570| |ASRock X370 Killer|DDR4@2800Mhz||Corsair SPEC-05 Case|AOC G2590FX 24.5''144hz 1ms|
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 1st Jun 2009 03:30 Post subject: Re: Microsoft Sabotaging Firefox With Sneaky .NET Updates? |
|
|
| Rinze wrote: | | tainted4ever wrote: | | The vulnerability is serious. Allows installation of anything on your computer, as well as loading any DLL on your computer. |
PoC please |
Can't find any. Just relaying word of mouth.
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 1st Jun 2009 03:57 Post subject: |
|
|
I uninstalled 1.0 following link in post#1. Had to go thru reg edit, etc...Thanks!
RYZEN 5 2600|RADEON 570| |ASRock X370 Killer|DDR4@2800Mhz||Corsair SPEC-05 Case|AOC G2590FX 24.5''144hz 1ms|
|
|
| Back to top |
|
|
Rinze
Site Admin
Posts: 2343
|
| Posted: Mon, 1st Jun 2009 04:12 Post subject: Re: Microsoft Sabotaging Firefox With Sneaky .NET Updates? |
|
|
| tainted4ever wrote: | | Rinze wrote: | | tainted4ever wrote: | | The vulnerability is serious. Allows installation of anything on your computer, as well as loading any DLL on your computer. |
PoC please |
Can't find any. Just relaying word of mouth. |
Thought so, neither claim is true then.
|
|
| Back to top |
|
|
LeoNatan
☢ NFOHump Despot ☢
Posts: 73196
Location: Ramat Gan, Israel 🇮🇱
|
| Posted: Mon, 1st Jun 2009 04:25 Post subject: |
|
|
The media always likes to come with bombastic and way over-reactive statements to fuel on paranoia. And it works, doesn't it? It has probably been posted on several sites, just like here, and the site has got some publicity.
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 1st Jun 2009 13:29 Post subject: |
|
|
thanks. i removed the crap
|
|
| Back to top |
|
|
|
|
| Posted: Mon, 19th Oct 2009 22:09 Post subject: |
|
|
|
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
| Page 1 of 1 |
All times are GMT + 1 Hour |
