Mozilla Firefox: Add-ons Blocklist
Language: JP EN DE FR
New Items
2023-11-19
users online
Forum » Everything Else » Tech Support » Mozilla Firefox: Add-ons Blocklist
Mozilla Firefox: Add-ons Blocklist
 Ragnarok.Anye
Offline
Server: Ragnarok
Game: FFXI
user: Anye
Posts: 5449
By Ragnarok.Anye 2009-10-17 14:06:06
Link | Quote | Reply
  
https://www.mozilla.com/en-US/blocklist/
Just letting you guys know in case the window didn't pop up letting you know it was being disabled.

This thing kinda freaked me out, though: "Microsoft .NET Framework Assistant and Windows Presentation Foundation, all versions, for all applications. Reason: remote code execution vulnerability."

I tried reading all the comments here, but I'm... not quite tech savvy enough, I suppose; the most I got out of it is an argument whether or not it should be disabled based on the fact that the plugin and the problem aren't directly related.

Anyone have a more educated take on this and want to contribute? :)
 Seraph.Caiyuo
Offline
Server: Seraph
Game: FFXI
user: Caiyuo
Posts: 6524
By Seraph.Caiyuo 2009-10-17 14:57:14
Link | Quote | Reply
  
Don't you try to swoon me with Firefox talk, Anye. Dx

From what I've read, the vulnerability mentioned in this article was patched via Windows Update 2 days ago, but because there's no guarantee to Firefox users that they're updating their systems, they've added it to the block-list for now. If you do not have patch MS09-054 installed then this is worth disabling, as I've read.

Quote:
I'm sorry, but I still disagree with this block. Were the problem unpatched,
then I could agree with it. But you're blocking a PATCHED vulnerability!
People who aren't installing their operating system patches automatically or
regularly are likely vulnerable to all sorts of things.

Users who are automatically receiving windows updates received the patch for
this issue *2 days* before this block was put out.

In fact, the Computerworld article linked in the description of this bug
states, "This week, Microsoft did not revisit the origin of the .NET add-on,
but simply told Firefox users that they should uninstall the component if they
weren't able to deploy the patches provided in the MS09-054 update."

Very clearly, ONLY if you are not going to deploy MS09-054 should you block the
add-on. Since MS09-054 was deployed as part of Patch Tuesday on 14 October
2009, automatically pushed via Windows Update as an Important update.
Here's more reading on the subject, but essentially says the same as the quote in regards to which users should be concerned: http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx

Thanks for the notice, Anye, didn't know anything about this!
 Garuda.Antipika
Offline
Server: Garuda
Game: FFXI
user: Antipika
Posts: 1339
By Garuda.Antipika 2009-10-17 15:05:32
Link | Quote | Reply
  
Windows popped up for me like 1hr ago, just disabled these add-on, not like I have a need for these :<
 Lakshmi.Jaerik
Administrator
Offline
Server: Lakshmi
Game: FFXI
user: Jaerik
Posts: 3834
By Lakshmi.Jaerik 2009-10-17 15:35:33
Link | Quote | Reply
  
Mozilla, being very closely tied to Google (they even work in the same offices), has a very rocky relationship with Microsoft. The two companies detest one another. It's not surprising that when such a massive Microsoft vulnerability was discovered that could make Mozilla look very bad (as uninformed folks would just assume Firefox was the one with the security problem), they would just temporarily disable the Microsoft plugins until enough people have grabbed the Microsoft patch to have herd immunity.
[+]
 Ragnarok.Anye
Offline
Server: Ragnarok
Game: FFXI
user: Anye
Posts: 5449
By Ragnarok.Anye 2009-10-17 22:39:53
Link | Quote | Reply
  
Oooo. Thanks for the feedback, guys! Muchly appreciated :D
Top Show Op
Log in to post.