Microsoft's Firefox update security problem
Oct 18, 2009 3:33:16 GMT
Post by CharlieChomper on Oct 18, 2009 3:33:16 GMT
For those who remember the incident of Microsoft's hidden, unwanted update to Firefox that proved difficult to remove (and for which the company later provided instructions on how to go about it), it appears that those who had concerns about it, as far as not knowing whether to be wary of it, may have just had them confirmed.
The vulnerability initially only affected users of IE--until it was learned that the unwanted Microsoft plugin that snuck into Firefox via a Microsoft update also made that browser vulnerable to the same problem.
The nature of the problem basically would allow the attacker to gain control over the system via one of the two browsers (in the case of Firefox, via this plugin/add-on) visiting a website that was "rigged" with the malware to do the job.
The Mozilla group have confirmed that this is a very serious threat and it has also been confirmed by Microsoft to affect all versions of IE as well as anyone who has this add-on installed and running in Firefox.
That's the "bad news".
The "good news" is that Microsoft has or will be addressing the problem with an upcoming patch release.
Regardless, for anyone out there who has the .NET add-on in Firefox as installed by Microsoft last February, if you haven't done so already, you may want to consider removing it--I posted a link to directions on how to do so a while back.
Likewise, this is hardly the first time it's happened that Microsoft has snuck in an update of some sort without warning users of it, much less making them aware of it, and introduced more serious problems (just before BV was released for Sims2, they had another incident of this nature in the form of a "silent" patch release that users were made unaware of and caused serious problems--in addition to a number of other problems (some security-related), they included issues related to system restores before they released yet another patch to fix the bad patch. It was also impossible to remove the sneaky patch without having to do a complete reinstall of Windows at that time and having to disable internet access to avoid it installing itself).