Microsoft invades firefox


HURST
June 7th, 2009, 12:49 PM
Guys,

it's been a while since I last visited Wilders, but I found this today which I think is very serious, so I thought of giving the heads up. A quick search here showed no results, so here it goes:

-{ Quote: "The Microsoft .NET Framework 3.5 Service Pack 1, unleashed in February, forces an undisclosed Firefox extension on Windows users, called “Microsoft .NET Framework Assistant 1.0”, and it does so without asking the user's permission.

To add insult to injury, the extension not only injects a serious security vulnerability into Firefox (also present in Internet Explorer), but it disables the uninstall button, " }-

-{ Quote: "The official purpose of the add-on is to add ‘One-Click’ support and the ability to report installed .NET framework versions to the web server, but it also allows websites to install software on a user's PC without their knowledge. This is a very serious security flaw that effectively turns Firefox into an open gateway for malware, much like Microsoft’s own web browser, Internet Explorer." }-

http://startupearth.com/2009/05/31/microsoft-sabotaging-firefox-with-sneaky-net-updates/

More here:

http://www.geek-speak.co.uk/2009/06/microsoft-invades-firefox/

Eice
June 7th, 2009, 12:51 PM
In other words: Firefox allows extensions to be silently installed by 3rd-party software that cannot be easily removed.

Sounds like a perfect recipe for malware exploitation.

funkydude
June 7th, 2009, 12:56 PM
Firefox's fault for even allowing the uninstall button to be disabled.

Cudni
June 7th, 2009, 01:12 PM
explanation and fix
http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx

Pinga
June 7th, 2009, 01:15 PM
Already reported in February, plus fixes:

http://www.wilderssecurity.com/showthread.php?t=232220

Zeena
July 16th, 2009, 11:59 AM
Hi :)

Look What I've Just Found! ::)
https://addons.mozilla.org/en-US/firefox/addon/9449#reviews

I'm Presuming! .. Firefox must be OK with this Microsoft Add-On then ???

funkydude
July 16th, 2009, 01:01 PM
-{ Quote: "Hi :)

Look What I've Just Found! ::)
https://addons.mozilla.org/en-US/firefox/addon/9449#reviews

I'm Presuming! .. Firefox must be OK with this Microsoft Add-On then ???" }-

Um, why not? It's just another addon among the thousands, but made by Microsoft. I don't understand the point you're making. This is a good approach, if people want the addon, they get it. Instead of auto-downloading it.

Zeena
July 16th, 2009, 03:15 PM
Hi Funkydude :)

-{ Quote: "Um, why not? It's just another addon among the thousands, but made by Microsoft. I don't understand the point you're making. This is a good approach, if people want the addon, they get it. Instead of auto-downloading it." }-

I'm Not Trying To Make Any Point!

Yes it is good that people can make the choice to install / uninstall this Microsoft Add-On .. As and when they like.

However!
It Still Is... auto-downloaded .. By Microsoft!

I was simply trying to understand how this Add-On can go from being such Big News one day - To - Just another Firefox Add-On the next :-\

-{ Quote: "The Microsoft .NET Framework 3.5 Service Pack 1, unleashed in February, forces an undisclosed Firefox extension on Windows users, called “Microsoft .NET Framework Assistant 1.0”, and it does so without asking the user's permission.

To add insult to injury, the extension not only injects a serious security vulnerability into Firefox (also present in Internet Explorer), but it disables the uninstall button, " }-


One Day.. Forced Add-On Install
Next Day.. Add-On Available From Firefox Themselves

One Day.. Serious Security Vulnerability
Next Day.. Has That Gone Now? ???

Eice
July 16th, 2009, 05:19 PM
-{ Quote: "One Day.. Forced Add-On Install
Next Day.. Add-On Available From Firefox Themselves

One Day.. Serious Security Vulnerability
Next Day.. Has That Gone Now? ???" }-
I don't know, maybe people just decided to stop overreacting to hype.

Pedro
July 16th, 2009, 05:23 PM
-{ Quote: "I don't know, maybe people just decided to stop overreacting to hype." }-
You're not serious right?

Eice
July 16th, 2009, 05:29 PM
-{ Quote: "You're not serious right?" }-
*sigh*

Fine, I'll play along. Go on. What's the latest conspiracy theory of the week? ::)

Pedro
July 16th, 2009, 05:30 PM
-{ Quote: "*sigh*

Fine, I'll play along. Go on. What's the latest conspiracy theory of the week? ::)" }-
Yes, put it in aliens category and be done with it...

Eice
July 16th, 2009, 05:32 PM
-{ Quote: "Yes, put it in aliens category and be done with it..." }-
Don't look at me, people like you could never get enough of those.

So you gonna tell us the story or not?

Eice
July 17th, 2009, 05:48 AM
-{ Quote: "This thread is full of incredible irony. It's amazing how much leniency people on Wilders are giving Microsoft, and yet are incredibly harsh on other products that have dodgy practises. Too much time I think." }-
Let's not kid ourselves here. The only irony here is people who stick up for a company who consorts with malware writers and whose CEO works himself into a hysterical fit when he gets exposed by security bloggers, yet call out Microsoft for "dodgy" practises when they install a benign plugin for legitimate purposes.

I'm still waiting for the conspiracy story of the week, btw. Maybe you'd care to provide it?

Eice
July 17th, 2009, 06:23 AM
-{ Quote: "And the irony continues, with people for and against, and some even creating their own conspiracy theories about other companies and starting to go off topic. Classic stuff." }-
Says the one who brings up "other products" into this thread in the first place.

Hypocrite much, haha? Classic stuff indeed, haha.

funkydude
July 17th, 2009, 07:50 AM
Yes it was stupid of them to auto-add it, yes I was pissed off, even MORE so at Firefox for allowing anyone to be able to install addons that can't be uninstalled via the button. Microsoft isn't the only one, I believe Skype used to do this too.

But I believe they reverted the auto-install (better late than never), which is why it's available separately.

m00nbl00d
July 17th, 2009, 08:20 AM
So, to be fair (Gosh! I do love these moments that invade my brain! Must have been the cookies I ate. :D):

Microsoft should never have done that. That's more than clear. They rectified it, haven't they? At least, I remember seeing it mentioned somewhere.

Still, not to run from this thread's subject - "Microsoft invades firefox".

So, what?

Wasn't it found not so long ago that Firefox was doing unknown (As in, the user having no idea.) connections (If I remember well, those connections had nothing to do with updating the browser.), that were only then found after someone took a look at a firewall log?

So, so much trust for this open source software? Am I free to say then - We can't trust an application just because its code is freely available? After all, who on this Earth is going to read lines and lines of code looking for some breach? Just a pretty wild guess, but I'd say 99% wouldn't.

If this was happening with Internet Explorer, we sure would have seen similar threads like this one and others. But, it happens it wasn't, so no big deal, right? Let's move on...

I'm going back to my cookies now... ;)


Cheers

twl845
July 17th, 2009, 09:03 AM
My disable button isn't greyed out so I did.

Pedro
July 17th, 2009, 09:08 AM
-{ Quote: "
Wasn't it found not so long ago that Firefox was doing unknown (As in, the user having no idea.) connections (If I remember well, those connections had nothing to do with updating the browser.), that were only then found after someone took a look at a firewall log?" }-
I never saw that. I only remember some users asking that question and the answer being in Mozilla's FAQ or something. The solution was in Firefox's preferences.
I could be missing something of course.
-{ Quote: "
But I believe they reverted the auto-install (better late than never), which is why it's available separately." }-
Agreed, problem solved.