.NET Framework Assistant Blocked to Disarm Security Vulnerability

10.16.09 - 09:00pm

Mike Shaver, Mozilla’s Vice President of Engineering writes:

I’ve previously posted about the .NET Framework Assistant add-on that was delivered via Windows Update earlier this year. It’s recently surfaced that it has a serious security vulnerability, and Microsoft is recommending that all users disable the add-on.

Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately. (Some users are already seeing it disabled, less than an hour after we added it!)

Category: Security, Vulnerabilities |

Mozilla Plugin Check Now Live

The Conversation {5 comments}

  1. Alan Baxter {Friday October 16, 2009 @ 10:23 pm}

    I don’t see it listed on the Add-ons Blocklist page at https://www.mozilla.com/en-US/blocklist/. Should it be?

  2. Gavin Sharp {Saturday October 17, 2009 @ 12:14 am}

    Alan: that page was just updated – look again!

  3. Angry Firefox User {Saturday October 17, 2009 @ 12:26 am}

    You better leave both Microcrap addons/plugins disabled PERMANENTLY, even when this fiasco subsides.

  4. Da Scritch {Saturday October 17, 2009 @ 1:12 am}

    No ?
    Microsoft agreed ?
    No ???

    Aow yes, they said plugins are dangerous about Google Chrome… So do I

  5. fowl {Saturday October 17, 2009 @ 1:54 am}

    The more info link is borken: https://en-gb.www.mozilla.com/en-GB/blocklist/

    (also, isn’t the WPF plugin and the clickonce extension completely separate other than they are both by Microsoft)

Leave a Comment

  • Comment Policy:Could go here if there's a nagging need Login Instructions: Would go here if there's a desire.