Linked by Kroc Camen on Sat 17th Oct 2009 05:27 UTC
Microsoft Whilst it's not okay in Microsoft's eyes for Google to install a plugin into Internet Explorer, increasing the potential surface area of attack, when Microsoft do it to Firefox, it's a different matter. Now a security hole has been found in a plugin that Microsoft have been silently installing into Firefox.
Order by: Score:
...
by Hiev on Sat 17th Oct 2009 06:03 UTC
Hiev
Member since:
2005-09-27

So let me get this, Firefox can be exploited via pluggins? there are hundreds of pluggins for Firefox and everyone one of them its a potential hole, scary.

Reply Score: 2

RE: ...
by umccullough on Sat 17th Oct 2009 06:06 UTC in reply to "..."
umccullough Member since:
2006-01-26

Plugins are like Java, Flash, etc - they are not the same as Firefox extensions. Basically if you run into a website that demands you install some plugin, you should maybe think twice, since you're trusting a piece of software that is not sandboxed.

In any case, I notice Firefox now disables the WPF plugin "for my protection" ;)

Reply Score: 3

RE[2]: ...
by Kroc on Sat 17th Oct 2009 06:37 UTC in reply to "RE: ..."
Kroc Member since:
2005-11-10

Ah, I was hoping someone on Windows could confirm that, I read in a comment on another article that Mozilla had flipped the kill-switch and blacklisted the plugin until MS fix it.

Reply Score: 2

RE[3]: ...
by robojerk on Sat 17th Oct 2009 06:53 UTC in reply to "RE[2]: ..."
robojerk Member since:
2006-01-10

I'll confirm that Mozilla is pushing to disable the extensions. I got the popup just a minute ago to restart for my protection.

Reply Score: 4

RE[4]: Microsoft .NET Framework assistant disabled
by flav2000 on Sat 17th Oct 2009 07:01 UTC in reply to "RE[3]: ..."
flav2000 Member since:
2006-02-08

I guess that the .NET Framework assistant was added along with the latest .NET 3.5 updates.

I recall myself manually uninstalling all Microsoft add-ons after the last gaffe.

Now they're back at it?

I only noticed that it was installed when I had the restart Firefox dialog pop up with a message that two "unsafe" add-ons related to Microsoft has been disabled.

Reply Score: 1

RE[4]: ...
by Nehemoth on Sat 17th Oct 2009 22:06 UTC in reply to "RE[3]: ..."
Nehemoth Member since:
2005-07-07

Yeah, Just received the popup minutes ago.

Awesome by Mozilla

Reply Score: 1

RE[4]: ...
by looncraz on Sun 18th Oct 2009 04:42 UTC in reply to "RE[3]: ..."
looncraz Member since:
2005-07-24

Yup, me as well. When I saw what add-ons, I didn't waste a single neuron pulse to try and guess why.

My belief is now confirmed.

Hooray for Mozilla blocking the add-ons!!

--The loon

Reply Score: 2

RE: ...
by gustl on Sun 18th Oct 2009 12:44 UTC in reply to "..."
gustl Member since:
2006-01-19

That is not the problem, as usually nobody will have all of the plugins installed, and NONE of the plugins will be there without his knowledge.

What MS did here, was BY FAR worse, than what google does.
If you come across a website, which requires the chrome plugin in IE, you get asked a nice question, if you want to install that plugin or not. You have to explicitly say "yes" to get the stuff installed.

Whereas in the current situation, you run an update on WINDOWS, and it installs a backdoor into software hich should be out-of-bounds for it's update scope.

Instead they should do the same as google does with the chrome plugin: Put up a plugin for download, that is installed (or not) by the browser, once it comes across a website which says it needs it.

Microsoft seems to be at it's old dirty tricks again: Make sure EVERYBODY who is on Windows can interpret THEIR closed, patented version of web protocols. Then luring web designers into designing EXCLUSIVELY for this warped web protocol, thereby creating a bad web experience for non-Windows users.

The google chrome plugin is doing the exact opposite: Enabling IE for standardized, international and platform agnostic web protocols, thereby enabling those standards to be used by EVERYBODY, including operating systems which have only one user on the whole planet.

Reply Score: 5

v Uh
by Thom_Holwerda on Sat 17th Oct 2009 06:55 UTC
RE: Uh
by Erunno on Sat 17th Oct 2009 08:19 UTC in reply to "Uh"
Erunno Member since:
2007-06-22

Sure, I'll give you a list of my essential Firefox extensions and build-in Firefox features which actually improve my work flow significantly or make the Internet simply a nicer place. If Chrome can do all of this things as well I'll consider switching. Oh, but I forgot: You're the ascetic who believes browsers should only be an address bar and a content view because a browser in no way can help the user to have a better experience other than staying of the way.

Chrome is nice for the users who only care about speed speed the same way a leaky hut in the wood is sufficient for people who don't need all those unnecessary features of modern civilization.

I know that your comment was tongue-in-cheek, Tom, but please try not to fall into the same pattern like the ardent Linux users do every time Windows is mentioned.

Reply Score: 4

RE: Uh
by Kroc on Sat 17th Oct 2009 10:20 UTC in reply to "Uh"
Kroc Member since:
2005-11-10

This is a _plugin_, not an extension. It's like Flash. Microsoft could silently install this into Chrome just as easily, and Chrome has less UI to deal with plugins. Disabling them in Firefox is easy, and Mozilla even have a blacklist.

Reply Score: 3

List of Blocked applications in Firefox
by flav2000 on Sat 17th Oct 2009 07:03 UTC
flav2000
Member since:
2006-02-08

Thought I should link to this to show the latest blocklist details:
https://www.mozilla.com/en-US/blocklist/

Two prominent ones are:

Microsoft .NET Framework Assistant and Windows Presentation Foundation, all versions, for all applications. Reason: remote code execution vulnerability (see bug 522777).

Apple QuickTime Plugin, v7.1.*, for all Firefox 3 versions on Windows. Reason: remote code execution in multiple versions (see bug 430826).

Reply Score: 6

Opt-in
by Erunno on Sat 17th Oct 2009 08:27 UTC
Erunno
Member since:
2007-06-22

Moziila really has to re-think how extensions and plug-ins register with Firefox. In no way should Firefox allow that one of these things can be installed silently without the user's consent. Even a pop-up window when starting the browser would already be to prominent in my opinion. The yellow notification bar should be sufficient to inform the user that a plug-in wishes to installed, so that the user can also quickly discard of the notification ("Install|Don't install|Never bother me again").

Reply Score: 3

RE: Opt-in
by flanque on Sat 17th Oct 2009 08:57 UTC in reply to "Opt-in"
flanque Member since:
2005-12-15

I think the problem here is that these malware authors are very tricky. They figure out ways to slip things in without users noticing. I think Mozilla should add as much as possible, but I am wondering whether the issue at hand is not as much that the plugin is installed (it's a concern yes), but what the plugin can do.

Why not focus on controlling / auditing what the plugins do at the user level. For example, if it tries to write to disk alert the user, if it tries to remotely connect to a website, alert the user.

Control not only getting the plugin in the browser, but also add safe-guards to what it does once it's there.

Reply Score: 3

RE[2]: Opt-in
by moondevil on Sat 17th Oct 2009 09:31 UTC in reply to "RE: Opt-in"
moondevil Member since:
2005-07-08

This exactly one reason why regardless of your OS, you might be easily owned.

Sure it is harder to get Virus and other type of malaware deployed in MacOS X, Linux and other systems. But if your browser gets owned, you might just say goodbye to your data. Remeber the browser has full rights to access all files with your user rights.

Just because you stay away of Windows, don't think that you are safe.

Reply Score: 3

RE[3]: Opt-in
by mrAmiga500 on Sat 17th Oct 2009 12:49 UTC in reply to "RE[2]: Opt-in"
mrAmiga500 Member since:
2009-03-20

This exactly one reason why regardless of your OS, you might be easily owned.

Sure it is harder to get Virus and other type of malaware deployed in MacOS X, Linux and other systems. But if your browser gets owned, you might just say goodbye to your data. Remeber the browser has full rights to access all files with your user rights.

Just because you stay away of Windows, don't think that you are safe.


I think when I browse with my Amiga 500 I'm pretty safe. I dare anybody to try to "own" me and steal my files. ;)

You're right though and I think this is a shameful situation. I remember when browsers just displayed text and images - and that's all. There was no way to hack into the OS. Now, browsers are getting too complex and adding too many features that become security risks. I like handy new features, but not if there is any chance it gives away control of MY computer.

I don't ever want software being installed without my permission. I don't ever want software to connect to the internet without my permission. I don't even like it when software accesses the hard drive when I didn't ask it to do anything. We're losing control and are now at the mercy of software instead of being in charge.

Reply Score: 2

RE[4]: Opt-in
by bert64 on Sat 17th Oct 2009 19:53 UTC in reply to "RE[3]: Opt-in"
bert64 Member since:
2007-04-23

It would be relatively easy to own an Amiga 500 which you were using for browsing...
Most of the AmigaOS browsers, and even things like the tcp stack are rather dated, no longer maintained and wouldn't take too long for a skilled attacker to find some holes. Actually exploiting such holes would be relatively easy too.
The only advantage of using an Amiga is that people wouldn't be expecting it, if anyone remotely skilled was actually targeting you it wouldn't help much.

Reply Score: 1

RE[5]: Opt-in
by mrAmiga500 on Sat 17th Oct 2009 23:33 UTC in reply to "RE[4]: Opt-in"
mrAmiga500 Member since:
2009-03-20

It would be relatively easy to own an Amiga 500 which you were using for browsing...
Most of the AmigaOS browsers, and even things like the tcp stack are rather dated, no longer maintained and wouldn't take too long for a skilled attacker to find some holes. Actually exploiting such holes would be relatively easy too.


Really? What could an attacker do? They might be able to knock me offline or even crash the Amiga, but I seriously doubt that they could access my files, install software or anything else.

I'd like to see somebody try - just for interest. Would somebody like my A500 IP address so they could attempt it?

Reply Score: 1

RE[6]: Opt-in
by moondevil on Mon 19th Oct 2009 09:26 UTC in reply to "RE[5]: Opt-in"
moondevil Member since:
2005-07-08

Well for starts they can wipe out your data. That's all.

As soon as you get a compromissed programm with a live network connection, the process has the same rights as the user that started it. Now whatever is running inside that process, read "injected code", can do whatever that user can do.

If the specific user can wipe out files, than you can say goodbye to all you Amiga 500 files, that have the same user as owner. Or maybe the program will upload data from your files, who knows.

Reply Score: 1

RE[7]: Opt-in
by mrAmiga500 on Mon 19th Oct 2009 14:59 UTC in reply to "RE[6]: Opt-in"
mrAmiga500 Member since:
2009-03-20

Well for starts they can wipe out your data. That's all.

As soon as you get a compromissed programm with a live network connection, the process has the same rights as the user that started it. Now whatever is running inside that process, read "injected code", can do whatever that user can do.

If the specific user can wipe out files, than you can say goodbye to all you Amiga 500 files, that have the same user as owner. Or maybe the program will upload data from your files, who knows.


No, they can't wipe all my data. You're thinking "too modern". The Amiga OS doesn't have built in support for remote execution of programs or processes. It doesn't have users, owners or rights. It doesn't have a built in file server. There is no way someone could see my files, let alone execute, upload or delete one.

I don't use any security at all and I feel supremely safe. (...until somebody can prove otherwise ;) )

Edited 2009-10-19 15:01 UTC

Reply Score: 0

RE[2]: Opt-in
by Kroc on Sat 17th Oct 2009 10:32 UTC in reply to "RE: Opt-in"
Kroc Member since:
2005-11-10

Plugins are native code, there's no auditing that can really be done other than by your AV spotting this behaviour. The plugin interface just provides a means for the native code to load and to paint back to the browser.

Chrome and Safari on Snow Leopard place plugins on their own thread and in a sandboxed environment, which helps; but ultimately the whole nature of plugins is completely flawed and unsafe from the get-go.

Mozilla also can't outright block these things from being installed because the OS vetos the browser. Id est, any software running on the computer can manipulate any aspect of the browser to fool it into accepting a plugin, circumventing any protection Mozilla put in place.

That said, I feel Mozilla should take a firm stance and beef up how they handle plugins and things installing into the browser so that the user has complete control. They need to make managing plugins as easy as extensions.

Reply Score: 2

RE[3]: Opt-in
by Erunno on Sat 17th Oct 2009 10:49 UTC in reply to "RE[2]: Opt-in"
Erunno Member since:
2007-06-22

Chrome and Safari on Snow Leopard place plugins on their own thread and in a sandboxed environment, which helps; but ultimately the whole nature of plugins is completely flawed and unsafe from the get-go.


Actually, both run plug-ins in separate processes and not threads. Chrome does not use a sandbox for them as Google encountered too many compatibility problems to be turned on by default. To lessen the attack area at least somewhat Google lets the process which does the IPC run with minimal rights. While the plug-in can still wreck havoc this way at least Chrome itself is somewhat secured.

Edited 2009-10-17 10:52 UTC

Reply Score: 4

RE[4]: Opt-in
by Kroc on Sat 17th Oct 2009 11:01 UTC in reply to "RE[3]: Opt-in"
Kroc Member since:
2005-11-10

Thanks for the corrections, and I had forgot to add IE8/Vista to my list, which sandboxes plugins too.

Reply Score: 1

RE[5]: Opt-in
by Erunno on Sat 17th Oct 2009 11:35 UTC in reply to "RE[4]: Opt-in"
Erunno Member since:
2007-06-22

Thanks for the corrections, and I had forgot to add IE8/Vista to my list, which sandboxes plugins too.


IE8 and Chrome both feature a process-per-tab model (although in reality there are exceptions when a new tab is run in the same process as its parent, at least on Chrome). Safari only outsources plug-ins into processes, probably mainly to be able to run 32-bit stuff like Flash. Interestingly enough, although IE8 also runs Flash in a separate process it is not able to use it in a 32/64 bit mixed mode like Safari, i.e. Flash does not work with 64-bit IE8.

And I don't want to sound patronizing by repeating myself but Chrome does not sandbox plug-ins by default. I know that there are different opinions on what constitutes sandboxing but in the context of Chrome calling a separate process a sandbox does not apply since Chrome additionally is able to lock down individual processes.

Reply Score: 2

RE[6]: Opt-in
by PlatformAgnostic on Sat 17th Oct 2009 16:40 UTC in reply to "RE[5]: Opt-in"
PlatformAgnostic Member since:
2006-01-02

IE runs plugins in the same process as the renderer, so it can't currently do the 64-bit/32-bit mix.

Reply Score: 2

RE[7]: Opt-in
by Erunno on Sat 17th Oct 2009 17:12 UTC in reply to "RE[6]: Opt-in"
Erunno Member since:
2007-06-22

IE runs plugins in the same process as the renderer, so it can't currently do the 64-bit/32-bit mix.


Strange, I thought I caught a glimpse of a "FlashHelper" (or similarly named) process last time I used Windows 7. It must be used for some other purpose then, I guess.

Reply Score: 2

Not possible on current OS architecture
by contextfree on Sun 18th Oct 2009 11:26 UTC in reply to "Opt-in"
contextfree Member since:
2009-06-01

If the user is running a program, as far as your computer and OS (Windows, Unix, OS X) is concerned, that program IS the user. There's no distinction between what the user can do and what programs running as the user can do, therefore it's not possible for Mozilla to prevent programs running as the user from doing whatever they like "without the user's consent".

Reply Score: 1

beware the .net
by k.g.stoyanov on Sat 17th Oct 2009 10:25 UTC
k.g.stoyanov
Member since:
2005-07-12

Keep .NET away from your computer!!

Reply Score: 2

RE: beware the .net
by Kroc on Sat 17th Oct 2009 10:42 UTC in reply to "beware the .net"
Kroc Member since:
2005-11-10

Better than that, keep developers away from .NET! _Nobody_ should be forcing browser users to accept this crap. I swear Microsoft are doing everything in their power to usurp HTML/CSS/JS with *any* other technology, as long as they own it.

Reply Score: 2

RE[2]: beware the .net
by golimpio on Sat 17th Oct 2009 15:09 UTC in reply to "RE: beware the .net"
golimpio Member since:
2009-10-17

Better than that, keep users away from Windows ;)

Reply Score: 2

RE[2]: beware the .net
by Hiev on Sat 17th Oct 2009 16:56 UTC in reply to "RE: beware the .net"
Hiev Member since:
2005-09-27

Honestly what a stupid answer, HTML/CSS/JS are not the total answer for web or desktop or anything, I've used .NET and HTML/CSS/JS, and damn the last combination makes your life misserable, who ever invented the CSS layout system should be judged for crimes againts the humanity, the browser may be optimized to run JS "at the speed of light" but is still interpretated code inside a browser, that makes it slow and CPU hungry (just try using Google Wave and you'll see, I don't know how google plans to make that thing reliable w/o a pluggin).

In other words, get a clue.

Edited 2009-10-17 17:01 UTC

Reply Score: 4

RE[3]: beware the .net
by Erunno on Sat 17th Oct 2009 17:14 UTC in reply to "RE[2]: beware the .net"
Erunno Member since:
2007-06-22

but is still interpretated code inside a browser


Welcome to 2009 where at least 3 different JIT-compiling JavaScript engines exist. ;-)

Reply Score: 3

RE[3]: beware the .net
by robojerk on Sat 17th Oct 2009 18:01 UTC in reply to "RE[2]: beware the .net"
robojerk Member since:
2006-01-10

I'm still waiting for my invite to Google Wave.

Google claims their rationale to Chrome Frame for IE8 is to get their JavaScript engine in IE so Wave will run better. Is Wave slow for you because of IE javascript engine or just slow in general?

Reply Score: 1

RE[4]: beware the .net
by Hiev on Sat 17th Oct 2009 18:06 UTC in reply to "RE[3]: beware the .net"
Hiev Member since:
2005-09-27

IE8 doesn't support wave well, and wave in chrome is slow and CPU hungry.

oh and please, stop the fallacity that a faster JS makes a lot of difference when loading a webpage, JS loading only represents 15% to 20% of the loading time of a webpage.

Edited 2009-10-17 18:14 UTC

Reply Score: 2

RE[3]: beware the .net
by Ventajou on Sat 17th Oct 2009 19:18 UTC in reply to "RE[2]: beware the .net"
Ventajou Member since:
2006-10-31

I completely agree. HTML + CSS + JavaScript were not built for full desktop like apps. The fact that some clever developers started using them for that is what triggered the browsers to get better at it. But in the end, it's like using a rock with a nail: it will work but it will be a pain.

Even Google recognized that, that's why they came up with GWT so they can abstract JS a bit.

With .Net and Visual Studio, MS has simply provided the best development environment for their Windows platform. I've developed in ASM and C/C++ for years before moving to c# and I must say it's just a pleasure to code.

Reply Score: 3

RE[4]: beware the .net
by Kroc on Sat 17th Oct 2009 19:49 UTC in reply to "RE[3]: beware the .net"
Kroc Member since:
2005-11-10

I’m not saying that JS is better than proper compiled code as a development method, I’m saying that _in the browser_, I want HTML/CSS/JS, and not a broken plugin-icon and drive-by viruses, kthnx.

Reply Score: 1

RE[5]: beware the .net
by Hiev on Sat 17th Oct 2009 21:23 UTC in reply to "RE[4]: beware the .net"
Hiev Member since:
2005-09-27

Kroc, I'd really like to agree with you, but HTML controls are to limited, you get a button, a combobox a listbox and a pair more and that's it, but lets suppose you need a datetime edit that can show a calendar when you click the tiny arrow to show a calendar, that is something trivial in a desktop aplication, or a treeview or a decend grid (tables do a good job but they fall short), if you need something like it, be prepared to reinvent the well with tons of java script and tons of CSS hacks. And apart deploy all those .js and .css files with your webpage. That, in the end, the users will have to download just to have that basic functionality.

Now try to do that with .NET or Flash or Silverligh or <insert your hated pluggin here> and like magic all that functionality will be at your reach.

HTML is to basic, and needs a lot of javascript and CSS wotkship to make it work for my needs, and Im sure im not alone here.

Edited 2009-10-17 21:26 UTC

Reply Score: 3

RE[6]: beware the .net
by Kroc on Sun 18th Oct 2009 08:02 UTC in reply to "RE[5]: beware the .net"
Kroc Member since:
2005-11-10

I agree too. It’s early. HTML5 adds a date-picker, Opera support it already, have done so from 9.5.

It’ll get there, don’t worry. Just not right this second.

Reply Score: 2

RE[6]: beware the .net
by license_2_blather on Mon 19th Oct 2009 19:03 UTC in reply to "RE[5]: beware the .net"
license_2_blather Member since:
2006-02-05

I for one am willing to forego some fancy UI elements in exchange for some security. We are, after all, dealing with unknown, untrusted data from unknown, untrusted sources.

To beat your example to death ;) , I have no problem picking my month and day from two drop-downs instead of a calendar view. If I need the calendar, I'll call it up locally on my PC.

Ultimately I think browsers will have to become sandboxes, or (more comfortable to me) we will have to run them in our own sandboxes (a la Sandboxie on Windows, jails on FreeBSD, SELinux). Yes, it will be inconvenient (browse sandbox files, click the one I meant to download, transfer out of sandbox), but far less troublesome than losing your data or reloading your OS.

Edited 2009-10-19 19:04 UTC

Reply Score: 1

RE[4]: beware the .net
by gustl on Sun 18th Oct 2009 15:21 UTC in reply to "RE[3]: beware the .net"
gustl Member since:
2006-01-19

I would speak not a single syllable against .NET, C# and other technically sound Microsoft software, if they would just stop trying to balkanize the web with it.

There are exactly 2 ways to do that:

1. Don't force use of this technology into web protocols.

2. OR make it a free standard, for everybody's free implementation and use. The patent license grants would need to be unlimited in time, relicenseability and platform (simplified: GPLv3-compatible).

Blazing speed does not help me, if the technology locks me into one program or platform.

Reply Score: 4

nt_jerkface Member since:
2009-08-26

Sorry but .net is too useful as a platform and is a security improvement over traditional Win32 c++ development.

This is a case that shows we need better security when it comes to plugins. If you actually wanted to keep developers away from a type of plugin for security reasons you would have a better case with flash.

Reply Score: 2

andyleung Member since:
2006-03-24

Sorry but .net is too useful as a platform and is a security improvement over traditional Win32 c++ development.

This is a case that shows we need better security when it comes to plugins. If you actually wanted to keep developers away from a type of plugin for security reasons you would have a better case with flash.


I guess you still don't know who invented .NET? It's the company which just forced to break Firefox where this article just emphasized. So you appreciate their tools that may have tons of these broken security issues? Interesting.

Reply Score: 1

strcpy Member since:
2009-05-20

So you appreciate their tools that may have tons of these broken security issues? Interesting.


Now now. Firefox itself has had tons of broken security issues. And continues to do so.

Reply Score: 2

RE: beware the .net
by lemur2 on Sun 18th Oct 2009 11:51 UTC in reply to "beware the .net"
lemur2 Member since:
2007-02-17

Keep .NET away from your computer!!


Even better - keep Windows away from your computer.

Reply Score: 2

External installs
by bert64 on Sat 17th Oct 2009 19:44 UTC
bert64
Member since:
2007-04-23

If it's not installed through Mozilla itself, they can't have any control over other programs that modify it's configuration at the OS level.
They are doing the best they can by blacklisting known vulnerable plugins, but when you have access to the layer below there are always round it.

Reply Score: 1

Your point is??
by the old rang on Sat 17th Oct 2009 19:53 UTC
the old rang
Member since:
2009-09-04

This is not a new nor uncommon thing from the people at Redmond.

That the poorly announced and security 'enhancement' was put in without letting victims know...

Only re-affirms why I now use Linux.




"A MAN IS NOT OLD UNTIL REGRETS TAKE THE PLACE OF DREAMS".

Reply Score: 1

Battle of the Softwares
by mentormatt8 on Mon 19th Oct 2009 00:43 UTC
mentormatt8
Member since:
2009-10-19

"Along with .NET Framework 3.5 SP1, Microsoft have been silently installing a Windows Presentation Foundation Plugin that allows the embedding of XAML applications (an XML-based UI technology) in web pages, called XBAP (XAML Web App).

The exploit is drive-by, meaning that the victim only needs to be lured onto a web-page for the attack to be effective. The only safe thing to do until a patch is issued, is to open Firefox’s AddOn Manager and disable the WPF plugin. "

The battles of the softwares like these are really annoying and are not helping debug other issues. Because, who knows, was WPF plugin causing problems? Was it something else?
It took me two days, for example to figure out that ( http://annoyances-resolved.blogspot.com/2009/10/battle-of-two-softw... ) WPF did NOT cause this problem with Firefox.

Now that WPF is disabled, and the problem with Blinking Close, Minimize and Restore Button on Firefox reappeared http://annoyances-resolved.blogspot.com/2009/10/firefox-vista-close... ), I know WPF was not to blame.

Reply Score: 1