Silent add-on Install for Firefox from Microsoft

This is a nice article. I had this add-on installed and didn't even know it. Firefox can be exploited with a drive by download with this Microsoft add-on that is silently installed in Firefox. I also had two Microsoft DRM Plug-ins I didn't know about. Inside firefox, click tools (up at the top), then click add-ons, also check the plug-ins tab. Here is one article. There are many more surfacing.

http://www.osnews.com/story/22358/Silent_Install_Firefox_Plugin_Backfires_on_Microsoft


---BigKat---

 

It does indeed!

 

I don't have the WPF thingie ... any idea how it got there, on your machines?
Mrk

 

If your don't have ,NET Framework installed or have not updated beyond 3.0 it will not be installed. In my case no .NET Framework installed on my Windows XP VM running on Slackware64 13.0. At one time I did have it and after updating to 3.5 noticed that new extension in Fx. No more .NET now as I have nothing installed that needs it.

 

I have no idea. I also think "chrisretusn" is right and that its automatically installed with the latest version of the .Net Framework or an update/patch to an older version. I have no evidence of this yet. I might need some help from other forum members on this one. Hopefully another article will surface soon with the answer.

I am just about through with MS completely {insert several curse words} over this finding. Fedora and/or OpenSuse installations are coming to all my machines very soon. Are they trying to turn FF into IE by making it vulnerable to drive by installations with a sort of "active X" add-on to a "non active X browser"? This is about as bad as when I passed Windows Genuine Advantage with IE under WINE. I laughed when Linux passed WGA. I am not laughing anymore.

---BigKat---

 

*cough*

Let's just say that when it comes to being vulnerable to drive-by installations, Firefox needs no help from anyone.

 

Good call. I should have said "more vulnerable" (LOL). Its hard to post right now without me flaming Microsoft. Can't seem to think straight when this sort of thing happens.

---BigKat---

 

If you wish to remove this plugin, add the following to a text document then save as type 'All Files' and name it something like RemoveWPF_Plugin.reg

Code:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"=-

...or you can simply disable it from the Add-ons>Plugins tab.

 

Thank you. I wanted this cut out.

 

At least you recognize the urge for what it is. Plenty of other people would've gladly continued to flame on without bothering to engage their brains.

At any rate, though, I personally fail to see this as a big brouhaha on Microsoft's part. There have been plenty of plugins with security vulnerabilities in the past, from other companies like Adobe and Sun. Firefox itself, in particular, comes with a handful of critical flaws every few months and allows silent installation of plugins, and I don't understand why Microsoft invariably cut all the flak while Mozilla gets off scot-free.

 

I used google to search for these plug-in objects. You will get many hits. Looks like others play this silent plug-in installation game too. No Uninstall, just a disable button. I will remove these later, I just wanted to show some of you what else gets silently installed.

 

Does anyone know what Microsoft figures that the two "DRM" plugins are needed for?

 

I was dealing with this exact issue yesterday. Firefox warned me that Microsoft.NET Framework Assisstant (MFA) and WPF were insecure and needed to be uninstalled. Funny thing is, I uninstalled MFA the first time it came out rather easily, but this second time I had to follow Microsoft's article here but was unable to delete the DotNetAssisstantExtension folder even as an admin (using Win 7 32-bit). I ended up turning off Microsoft.NET Framework in Windows Features and that just deleted the 3.5 folder entirely. It was a big PITA to figure out though.

I wonder when this junk was installed though since I've been running Firefox sandboxed for only a few weeks. I also have Comodo D+ running so I either gave Firefox too many rights or did not understand one of the pop-ups.

EDIT: Weird thing, I also had two Microsoft DRM plugins but after going to about:config and aboutlugins to see where they are located, they were not listed in aboutlugins and were no longer listed in my plugins window.

 

i don't have .net framework installed.
i download and run an opera beta version like 5 dayas ago...uninstalled after 1 day..
and bow i see a have a DRM folder in all users.
and network service folders in documents and settings.
don't know if this is relate to the newest opera beta release?

 

http://shaver.off.net/diary/2009/10...ant-blocked-to-disarm-security-vulnerability/

http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx

 

Just before reading this thread, a message came up from Firefox saying that the following add-ons cause instability and/or security issues and it listed Windows Presentation Foundation and .NET assistant. Underneath it said that Firefox had automatically blocked them from running and required a restart to finish.

Never seen that before and was kind of a strange coincidence that I got that message literally minutes before I saw this thread. Also, been running Firefox since as far back as I can remember so strange to only get that message now!

 

Same thing here. Firefox is history here.

 

Microsoft should not be installing this to Firefox on the blind as it is doing. That said, Firefox should not allow any extension, plug-in to be installed with out getting your approval first. Since it appears that Fx is notifying you of this (Ade 1's post and your agreement with it), why dump firefox?

 

+1 here.

This thread answered my confusion. It is unfortunate that it has come to this. So am I going to have to check daily just to make sure no unauthorized plug-ins have been installed? Serious bummer!

I would have thought that Firefox would have alerted to the fact that a plug-in was being installed. I should have had a choice in the matter.

Firefox has been my preferred browser for years so I can't say I will stop using it. My faith in my choice of browser has been shaken though. Guess I will have to start researching and testing other browsers now.

The only thing I want installed on my PC is what I install on it!

No software vendor be they Microsoft, Firefox, or whoever should have the right to take that choice away. It is very underhanded!

 

Why history, because your browser actually blocked a potentially vulnerable component, which was installed without consent in the first place?

Kind of contrary to logic ...

Mrk

 

I use Opera browser and I have it too !!

C:\Program Files\Opera\program\plugins\npwmsdrm.dll (microsoft @DRM)

So will try to remove it.


Gordon

 

I have went through the threads the G-MOD posted above and I haven't found them yet.

C:\Program Files\Mozilla Firefox\plugins has only 3 .dlls in its folder. They are not in any folder.

The .dlls outside in C:\Program Files\Mozilla Firefox cover java, flash, ect. These DRM's are not listed here or the other places listed either. I have set Xp to show all "hidden files and folders", "extensions for known file types", and to show "protected operating system files". These DRM's must be new, renamed, or someplace else. WPF add-on is gone, these other DRM's are buried in the registry or some part of another program besides the .Net Framework.

I am still looking and searching. For now, I just have the plug-ins disabled. I am starting to have Hijack This and rootkit nightmares from searching for things in the past (LOL). I am just going to use backup images until they are gone.

---BigKat---

OFF TOPIC: Sorry to start a thread and give up, but I have an emergency on my hand right now involving swine flu. I am a Molecular Biologist with degrees in Microbiology and Biology. I have to help with a human virus now.

 

Ya, been through this shyte previously.

Comes with the 3.5 .Net updates obviously.
If .Net framework is uninstalled then do these go too?

When MS did this before, raised a firestorm of resentment.

What do these plugins actually do ??..from the labelling, some form of DRM control ...going to block 'illegal' uses of content ??
Some explanation from MS anywhere.

Did NOT see any of these new plugins listed anywhere in any of the recent big updates from MS: is that legal ??
If not illegal, ( no doubt somewhere in the MS EULA ) then certainly discourteous, unasked for, and to top it off, a pita to remove.

Watch and wait for the level of awareness and irritation to grow.

 

Firefox did not notify me. I had all that unchecked in options. That being said, Firefox is in the trash. It is becoming the new IE.

ghodgson- I don't have that folder in my Opera directory, because I don't have "plug ins checked"

I feel that any software that does a "silent add-on" is considered malware.
I know all you FF lovers will try to defend this activity.