
October 19th, 2009

Mozilla blocks (then unblocks) dangerous MS .NET Firefox add-on

Posted by Ryan Naraine @ 5:29 am

FINAL UPDATE: In the Threatpost podcast above, Mozilla’s Mike Shaver explains what happened (.mp3)

[ UPDATE: Mozilla has now removed the extension from the blocklist after Microsoft clarified some information in its bulletin on how Firefox users were affected.  I'll attempt to get to the bottom of what appears to be a case of miscommunication ]

Mozilla has added the Microsoft .NET Framework Assistant add-on to its blacklist, a move that effectively disables the dangerous extension and plug-in for all Firefox users.

The move comes in the wake of an admission from Microsoft that the add-on was exposing users to drive-by malware downloads via a remote code execution vulnerability.

[ SEE: Microsoft exposes Firefox users to drive-by malware downloads ]

Mozilla’s Mike Shaver explains:

Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately. (Some users are already seeing it disabled, less than an hour after we added it!)

This Firefox add-on, which was added by Microsoft without the permission of end users, has been a source of controversy for months.  It triggered a debate about whether vendors should add code to a rival browser without explicit disclosure — and permission — and prompted warnings about the security implications.

Those warnings became reality last week when Microsoft shipped a “critical” security bulletin with fixes for security problems in its own Internet Explorer browser — a flaw that presented an attack vector on Firefox because of the controversial .NET Framework extension.

This is not the first time Mozilla has used its blocklist mechanism to kill problematic extensions.

In addition to Microsoft, the blocklist also includes add-ons from anti-virus vendor AVG, Yahoo and Apple.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

Most recent of 62 Talkback(s):

RE: Mozilla blocks dangerous MS .NET Firefox add-on
I just did a clean fresh reinstall yesterday, and that plugin was present and enabled... I JUST disabled it. Thanks for the heads-up....
Posted by: Clydelover@... Posted on: 12/12/09