Archive for October 16th, 2009

Some time ago we advised uninstalling the Microsoft .NET Framework Assistant because it was breaking some Firefox extensions.
[Image: Windows Presentation Foundation Plugin in the Add-Ons Manager]
Of course, as many noticed at that time, having add-ons from Microsoft installed into Firefox behind your back by a Windows update also expanded the attack surface of the Mozilla browser, by adding the possible (likely) vulnerabilities of Microsoft's technology to the mix. Ironically, this is the very argument used by Microsoft itself against Google Frame.

This easy prediction is reality now. According to Microsoft:

MS09-054 addresses an IE vulnerability (CVE-2009-2529), which was discovered and presented by Mark Dowd, Ryan Smith, and David Dewey at the BlackHat conference in July. [...]

A browse-and-get-owned attack vector exists. All that is needed is for a user to be lured to a malicious website. [...]

While the vulnerability is in an IE component, there is an attack vector for Firefox users as well.

The reason is that .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox.
Via this plug-in it is possible to launch XBAP, and reach this vulnerability, from within Firefox.

The Windows Presentation Foundation plugin enables "XAML Browser Applications" (XBAPs) to run in your browser. Ironically, this appears to be Microsoft's late equivalent of Java Applets, with some ActiveX scent as a bonus (native code). Talk about lessons learned...

In order to protect yourself, open Tools|Add-ons|Plugins, select Windows Presentation Foundation, and click the Disable button.
