29 replies to this topic

[chimpy]

FF just popped up and disabled my windows presentation foundation 3.5.30729.1 and said it was for my protection It said I had to close the browser to implement the change but when I checked the plug in it was already disabled and no button visable to enable it, I click on the "more info" link that was there but the list it gave did not mention WPF, I closed my browser which was running sandboxed and re opened it and WPF is enabled and FF has just given me another pop up about it ..

Anyone else have this?



EDIT

I have post a question about it on the forums and found this link while googling http://www.tomsguide.com/us/Firefox-Micros...,news-4888.html makes for a interesting read.

[mountaintree16]

@ Chimpy

I don't have that add-on, no. That's a strange thing to happen, I hope someone might know what's going on.

[calintexas]

Mine just did the same thing. .Net 3.5 put the plugin there. It's likely this week's updates caused the issue. I wouldn't worry too much about it. There are questions about whether you really want the WPF attached to Firefox anyway.

[chimpy]

Thanks Mountaintree16 and calintexas, It seems its been vunrable for some time in the artical I found so I am probably safer without it, Glad I surf sandboxed after reading it!

[catscomputer]

Which version of firefox are you using? I have the same WPF plugin (and it's enabled), and so far I've not had this warning. I am using FF 3.5.3.

[prairie dog]

catscomputer, on Oct 16 2009, 10:31 PM, said:

Which version of firefox are you using? I have the same WPF plugin (and it's enabled), and so far I've not had this warning. I am using FF 3.5.3.

Same here. No issues so far

[Strangedays]

I just got mine disabled

[mountaintree16]

@ Chimpy

You're welcome. I am sorry I wasn't more helpful, though.

I have no idea what this add-on is. Only windows thing I have on my add-ons is Windows Media Player Dynamic Link Library.

[Strangedays]

Blocked plugins

[AdvancedSetup]

It should be disabled. One of the news magazines posted about this just today where it can be a victim of a drive by malware attack.

[mountaintree16]

@ AdvancedSetup

Thanks for the confirmation!

I've never even heard of it till this post, I wonder where it came from and why its even in the FF add-ons list :/

[exile360]

It came from Microsoft .

[mountaintree16]

@ Exile

Thanks.

Hmm I wonder why.

[AdvancedSetup]

Microsoft exposes Firefox users to drive-by malware downloads
blogs.zdnet.com/security/?p=4614

Sneaky Microsoft plug-in puts Firefox users at risk
www.computerworld.com/s/article/9139459/Sneaky_Microsoft_plug_in_puts_Firefox_users_at_risk

http://blogs.technet.com/srd/archive/2009/...y-bulletin.aspx

[chimpy]

Ah thanks alot everyone, I see that it is now on FF blocked list as it was not last night, I had .NET disabled but when it changed to WPF I forgot to disable that. Good job FF is looking out for us.

@catscomputer I use the same FF as you 3.5.3

[prairie dog]

AdvancedSetup, on Oct 17 2009, 01:05 AM, said:

It should be disabled. One of the news magazines posted about this just today where it can be a victim of a drive by malware attack.

Thanks AS. I'll be disabling mine now

[prairie dog]

just noticed that Firefox automatically disabled WPF and also MS .NET framework assistant. Good looking out FF

[catscomputer]

@AdvancedSetup

Thanks heaps for the info. I've disabled WPF plugin now too.

That article you linked to mentions the sliverlight plugin: http://blogs.technet.com/srd/archive/2009/...y-bulletin.aspx

Should that plugin be disabled too?

[mountaintree16]

Thanks for the article, Ron. I don't completely understand it though, I'll re-read it a few times

Ick.

Why would Microsoft do that?

I'm glad that FF is on top of this, though

Edit: Last February? :/

and this?

Quote

What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox. The usual "Disable" and "Uninstall" buttons in Firefox's add-on list were grayed out on all versions of Windows except Windows 7, leaving most users no alternative other than to root through the Windows registry, a potentially dangerous chore, since a misstep could cripple the PC.

:/

Quote

According to Microsoft, the vulnerability is "critical," and also can be exploited against users running any version of IE, including IE8.

I don't really get that, has the IE vulnerability been patched?

I'm just glad that I don't have the WPF add-on! What is wrong with Microsoft?

[mountaintree16]

@ Catscomputer

Did you see this:

Quote

Please note that Silverlight 3 is not affected by this bulletin. Users who have upgraded to Silverlight 3 are not vulnerable to attacks from malicious Silverlight applications.

and this:

Quote

2. Temporarily disable Silverlight

a. This workaround is not applicable for Silverlight 3 users as Silverlight 3 is not vulnerable.

b. If you can upgrade to Silverlight 3, we recommend you do that instead of using this workaround.

c. Detailed steps are available in the security bulletin: http://www.microsoft.com/technet/security/...n/MS06-061.mspx.

d. This workaround prevents Silverlight from loading, preventing malicious websites from exploiting this vulnerability, but also preventing non-malicious Silverlight applications from loading.

If you have the most current version, I don't think you are at risk, according to that. Found that on the clickable link that Ron gave