Newsletters

Select newsletters below and click the button to sign up!

Boston News NY News
DC News Internet Daily
SiliconValley News
InternetNews Business Report




Become a Marketplace Partner


Partner With Us


Internetnews Bloggers

Recent Entries

Archives

November 2009
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          

Monthly Archives

Search The Blog

Netstat -vat by Sean Michael Kerner (bio)

A command line view of IT



Mozilla blocks, unblocks Microsoft add-ons for Firefox

By Sean Michael Kerner on October 19, 2009 8:42 AM
moz.msft.gifFrom the 'Browser Security' files:

Over the weekend, potentially tens of millions of users around the world booted their Firefox browser and were told that their Microsoft add-ons were being blocked (see my screenshot left).

Specifically, Mozilla began blocking the Windows Presentation Foundation (WPF) add-on and the .NET Framework Assistant add-on. Both of those add-ons were added to Mozilla's blocklist for security issues.

Late Sunday, Mozilla VP Mike Shaver blogged that the .NET Framework Assistant add-on is now set to be removed from the blocklist but the WPF framework would stay on the list.
"We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we've removed it from the blocklist," Shaver wrote. "As the blocklist update propagates to clients, the add-on should be re-enabled for users who had it previously enabled."
As of 9 AM EDT today (Monday Oct 19), I personally still see both Microsoft add-ons on the blocklist as published by Mozilla at https://www.mozilla.com/en-US/blocklist/. I'm not sure how long it takes to change a web page, (let alone propagate a change to tens of millions of users).

The reason why Mozilla is blocking the Microsoft add-ons in the first place is because  during this month's Microsoft patch Tuesday update, the two add-ons were identified as being risky.

So as part of their effort to make the web a safer place, Mozilla moved to block them late Friday night.
"Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism," Shaver blogged. "Microsoft agreed with the plan, and we put the blocklist entry live immediately."
At a top level, Mozilla's move is in keeping with their recent push to secure add-ons and plugins for its users. It makes sense that Mozilla, rather than waiting for third parties, takes the initiative and protect its users.

Now the issue with the blocking and then unblocking of the .net add-on is a bit messy. Is it, or isn't it secure? What happened between Friday night and Sunday that make Mozilla change their mind? Based on Shaver's comments it looks like there was communication between Microsoft and Mozilla. My take is that there was a reconsideration on Microsoft's part (or a miscommunication) on the severity of the .NET issue.

Perhaps more annoying in this whole situation is the simple fact the no users (to the best of my knowledge) ever actually chose to install the two Microsoft add-on in the first place. Those add-ons were part of a Microsoft Update that got bundled to users earlier this year. That shouldn't have happened in the first place.

Overall though, Firefox users in my opinion should rest assured that Mozilla's management is being aggressively pro-active at ensuring browser security -- and that's a great thing.

| Comments (2) | TrackBacks (0) | Share

0 TrackBacks

Listed below are links to blogs that reference this entry: Mozilla blocks, unblocks Microsoft add-ons for Firefox.

TrackBack URL for this entry: https://swarm.jupitermedia.com/mt-tb.cgi/9107

2 Comments

Matt @ annoyances-resolved said:

I was surprised how coincidental it was that Mozila disabling WPF and .NET FA coincided with a terrible "blinking close button bug" on Firefox. See http://annoyances-resolved.blogspot.com/2009/10/firefox-vista-close-button-blinking.html

It turns out the events are not related, just coincidental, so the blinking close button bug is still in search of a solution.

October 19, 2009 7:49 PM
Ahmad Barirani said:

There is a war going on in the browser market.This is because browsers are the future operating systems.

November 1, 2009 11:28 PM

Leave a comment