Shady Microsoft Plugin Pokes "Critical" Hole In Firefox Security

Illustration for article titled Shady Microsoft Plugin Pokes "Critical" Hole In Firefox Security

Microsoft has acknowledged that they slipped the .NET Framework Assistant plugin into Firefox via Windows Update this past February, and that it has poked a "critical" hole in the browser's security (effectively bringing Firefox down to IE's level).

Advertisement

Microsoft has deemed the hole to be a "critical" security threat, as it gives webmasters the ability to quietly install software on your PC. Last May, Microsoft released an update that made it possible to uninstall the .NET framework. They also released a patch earlier this week that supposedly fixes the problem. The vulnerability can also be exploited on users running any version of Internet Explorer. Needless to say, Firefox and IE users should employ one of those solutions ASAP. [Computer World Image via rootshell.be]

DISCUSSION

Wow, this has got to be one of the most poorly written articles I've ever seen on gizmodo.

Saying they "slipped" it in is a misnomer, it was an optional download. Automatic updates only automatically install bugfixes etc.

Also, your "link" to uninstall the .net framework is actually a patch to the addon.

I know you guy are often biased against microsoft, but just wow. #security