
October 19th, 2009

Mozilla blocks (then unblocks) dangerous MS .NET Firefox add-on

Posted by Ryan Naraine @ 5:29 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Firefox, Google, Google Chrome, Malware, Microsoft, Mozilla, Open source, Patch Watch, Pen testing, Uncategorized

Tags: Mozilla Firefox, Microsoft Corp., Mozilla Corp., Add-on, Web Browsers, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Internet

FINAL UPDATE: In the Threatpost podcast above, Mozilla’s Mike Shaver explains what happened (.mp3)

[ UPDATE: Mozilla has now removed the extension from the blocklist after Microsoft clarified some information in its bulletin on how Firefox users were affected.  I'll attempt to get to the bottom of what appears to be a case of miscommunication ]

Mozilla has added the Microsoft .NET Framework Assistant add-on to its blacklist, a move that effectively disables the dangerous extension and plug-in for all Firefox users.

The move comes in the wake of an admission from Microsoft that the add-on was exposing users to drive-by malware downloads via a remote code execution vulnerability.

[ SEE: Microsoft exposes Firefox users to drive-by malware downloads ]

Mozilla’s Mike Shaver explains:

Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately. (Some users are already seeing it disabled, less than an hour after we added it!)

This Firefox add-on, which was added by Microsoft without the permission of end users, has been a source of controversy for months.  It triggered a debate about whether vendors should add code to a rival browser without explicit disclosure — and permission — and prompted warnings about the security implications.

Those warnings became reality last week when Microsoft shipped a “critical” security bulletin with fixes for security problems in its own Internet Explorer browser — a flaw that presented an attack vector on Firefox because of the controversial .NET Framework extension.

This is not the first time Mozilla has used its blocklist mechanism to kill problematic extensions.

In addition to Microsoft, the blocklist also includes add-ons from anti-virus vendor AVG, Yahoo and Apple.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


