Microsoft Exposes Firefox Users to Drive-By Malware Downloads


	Microsoft Exposes Firefox Users to Drive-By Malware Downloads

merrie

10-17-2009 3:59 AM

170 views

tags:

code execution vulnerability, microsoft .net framework, sneaked into firefox

merrie says:

Here, the affected process is the Windows Presentation Foundation (WPF) hosting process, PresentationHost.exe.
While the vulnerability is in an IE component, there is an attack vector for Firefox users as well. The reason is that .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox.

Now, Microsoft’s security folks are actually recommending that Firefox users uninstall the buggy add-on:

For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable"

This introduction of vulnerabilities in a competing browser is a colossal embarrassment for Microsoft. At the time of the surreptitious installs, there were prescient warnings from many in the community about the security implications of introducing new code into browsers without the knowledge " and consent " of end users.

http://blogs.zdnet.com/security/?p=4614&tag=nl.e589

8 Comments |

Add a Comment

10-17-2009 4:02 AM

davboz

I just got a pop-up warning 15 min. ago. I better check it out now!

10-17-2009 4:03 AM

merrie

SEE: Microsoft says Google Chrome Frame doubles IE attack surface

This episode also underscores some of the hypocrisy that has risen to the surface in the new browser wars. When Google announced it would introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer, Microsoft whipped out the security card and warned that Google’s move increased IE’s attack surface.

“Given the security issues with plug-ins in general and Google Chrome in particular, Google Chrome Frame running as a plug-in has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our fr...

10-17-2009 4:51 AM

merrie

I could temporarily disable it from my "All-In-One" toolbar, but I'm nervous that it might be something that I
should keep.

10-17-2009 5:30 PM

n2sooners

I was getting some sluggish performance out of Firefox a while back and disabling that plug in helped. So fortunately I already had it disabled.

10-17-2009 6:32 PM

blueridge

Firefox is not auto prompting a "block" to disable these 2 programs on Restart.

10-17-2009 6:33 PM

blueridge

correction: Firefox is NOW (delete "not" typo) blocking these programs on restart.

10-17-2009 7:03 PM

merrie

I just received my auto-prompt to click on "restart FF" to
disable IE NET Framework, but I have FF "All-In-One" add-on, which allows you options to either "disable" or
"uninstall", which comes in handy in certain situations.

10-17-2009 8:17 PM

merrie

I was getting some sluggish performance out of Firefox a while back
Now that you've mentioned it n2, I've noticed that my FF performance has improved measurably since I disabled it
today.

Login to Comment. Not a member yet? Sign up

Today's Top Clips

visit the Top Clips page

View the Top Clips from October 17, 2009

Embed This Clip In Your Site...

<div style="margin: 12px 0px; font-family: arial; color: #333333; background: #ffffff; border: solid 4px #e5e5e5; width: 100%; clear: left;"><div class="CM_CTB_Content_Wrap" style="margin: 0px; padding: 0px;background-color:#e5e5e5;"><div style="border-bottom: solid 1px #dcdcdc; white-space: nowrap; margin-bottom: 8px; background-color: #eeeeee ;background-image: url(http://www.clipmarks.com/images/source-bg.gif); background-repeat: repeat-x; height: 24px; line-height: 24px; vertical-align: middle; padding-bottom: 4px; color: #666666; font-size: 10px;" ><a href="http://clipmarks.com/clip-to-blog/" title="see clips that are hot right now"><img src="http://content.clipmarks.com/blog_embed/5c39f72a-76e2-4150-84e6-537062f43d67/C9C4C4FE-54E4-41DA-A1D8-49FFECF02209/" alt="" width="19" height="19" border="0" style="vertical-align: middle; margin: 0px 4px; display: inline; border: none; float:none;" /></a>clipped from <a title="http://blogs.zdnet.com/security/?p=4585" href="http://blogs.zdnet.com/security/?p=4585" style="font-size: 11px;">blogs.zdnet.com</a></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585"><P><A href="http://blogs.zdnet.com/security/?p=4614"><IMG height="70" width="72" alt="" src="http://i.zdnet.com/blogs/firefox_.jpg" title="firefox_" class="size-full wp-image-3744   alignright" /></A>Remember that Microsoft .NET Framework Assistant add-on that <A href="http://threatpost.com/blogs/microsoft-sneaks-firefox-add-without-user-knowledge">Microsoft sneaked into Firefox</A> without explicit permission from end users?</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585"><P>Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.<SPAN id="more-4614"></SPAN></P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585"><P>[ SEE: <A href="http://blogs.zdnet.com/security/?p=4585" rel="bookmark" title="Permanent Link to Patch Tuesday: MS plugs critical IE, Windows Media Player holes">Patch Tuesday: MS plugs critical IE, Windows Media Player holes</A> ]<A href="http://blogs.zdnet.com/security/?p=4585" rel="bookmark" title="Permanent Link to Patch Tuesday: MS plugs critical IE, Windows Media Player holes">
</A>
<A href="http://www.twitter.com/ryanaraine"><IMG height="92" width="176" alt="" src="http://i.zdnet.com/blogs/follow_me_on_twitter.png" title="follow_me_on_twitter" class="alignleft size-full wp-image-3257" /></A></P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585"><P>The flaw was addressed in the <A href="http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx">MS09-054</A> bulletin that covered “critical” holes in Microsoft’s Internet Explorer but, as Redmond’s Security Research & Defense team <A href="http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx">explains</A>, the drive-by download risk extends beyond Microsoft’s browser.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585">A browse-and-get-owned attack vector exists. All that is needed is for a user to be lured to a malicious website. Triggering this vulnerability involves the use of a malicious XBAP (<A href="http://msdn.microsoft.com/en-us/library/aa970060.aspx">XAML Browser Application</A>). </blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585">Please not that while this attack vector matches one of the attack vectors for <A href="http://blogs.technet.com/srd/archive/2009/10/12/ms09-061-more-information-on-the-net-security-bulletin.aspx">MS09-061</A>, the underlying vulnerability is different.</blockquote></div><div style="margin: 0px 6px 6px 4px;"><table style="font-size: 11px;border-spacing: 0px;padding: 0px;" cellpadding="0" cellspacing="0" width="100%"><tr><td style="background:transparent;border-width:0px;padding:0px;">&nbsp;</td><td align="right" style="background:transparent;border-width:0px;padding:0px;width:107px" width="107"><a href="http://clipmarks.com/share/C9C4C4FE-54E4-41DA-A1D8-49FFECF02209/blog/" title="blog or email this clip"><img src="http://content8.clipmarks.com/images/c2b-foot.png" border="0" alt="blog it" width="107" height="17" style="border-width:0px;padding:0px;margin:0px;" /></a></td></tr></table></div></div>

New from the makers of Clipmarks: Amplify.com - Don't just share the news...Amplify it!

Clipmarks: Home; New Clips; Top Clips; Dashboard

Popular Topics: News; Life; Science; Technology; Entertainment

Get Started: Sign Up; Install Clipping Tool; How Clipping Works; Clip-to-Blog™; ClipSearch

Tools and Resources: FAQ; ClipWeek; Top Clippers; Top Tags; Site Map

About Clipmarks: About Us; Contact; Copyright; Privacy; EULA

Search Options

Today's Top Clips