Microsoft update infects Firefox with IE's worst vulnerability

By siliconindia   |   Wednesday, 08 July 2009, 19:36 IST   |    3 Comments
Printer Print Email Email
Bangalore: A well known security hole present in Internet Explorer (IE), which allow the websites install dangerous, un-trusted code on computer randomly, is now activated in Firefox, courtesy MS Windows installation. Microsoft's .NET Framework 3.5 Service Pack 1 update installs the Microsoft .NET Framework Assistant extension for Firefox, silently, without informing the user. It will be difficult to fix the problem. The users will have a difficult time removing the vulnerability from their system once they are aware of it. "We added this support at the machine level in order to enable the feature for all users on the machine. It turns out that enabling this functionality at the machine level, rather than at the user level means that the "Uninstall" button is grayed out in the Firefox Add-ons menu because standard users are not permitted to uninstall machine-level components," Brad Adams, a Microsoft employee told Zdnetasia. Abrams informed about an update which has been produced in response to a lot of negative reaction from people who realized that Microsoft was tampering around with their Firefox installs without permission or notification, that turns the extension into a "per-user component". This can be stated as Microsoft's biggest vulnerability this year, as uninstalling the product also might not solve the problem.