If you have "no place to go," come here!

Microsoft installed a plugin into FireFox without telling users. As it turns out, the plug-in's a security risk

ComputerWorld. Fine.


No votes yet


Davidson's picture
Submitted by Davidson on

Firefox just froze on me and then it popped up that there were two extensions that threatened my web browser's stability and security. Fortunately, Firefox tells you--unlike Microsoft--and allows you the option of disabling them.

This is what I get for having Windows.

S Brennan's picture
Submitted by S Brennan on

It was not clear to me how to fix Redmond's sabotage. What the the step by step Procedure Please?

Davidson's picture
Submitted by Davidson on

You have to remove the Windows Presentation Foundation plug-in.

Here's one:
For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.

Here's another one, which is riskier:

Roman Berry's picture
Submitted by Roman Berry on

...Mozilla dropped the ball on this one. There was a security issue but that issue was fixed. Mozilla pushed the blocklist update for this extension and plugin after they were patched.

From the MS blog linked from the (poorly written) CW article:

First we’d like to make it clear that any customers that have applied the update associated with MS09-054 are protected, regardless of the attack vector. And most customers need not take any action as they’ll receive this update automatically through Automatic Updates.

Numerous people (myself included) have been raising hell not with Microsoft but with Mozilla over this issue for the last day. Mozilla screwed up by adding these to the blocklist after they were fixed.

If you want to see plugins that are perpetually a security issue, take a look at Flash and Acrobat Reader. Seems to me that there is some reflexive MS bashing going on at Mozilla (and in other places) that doesn't have a sound basis.