Linked by Thom Holwerda on Mon 1st Jun 2009 11:04 UTC, submitted by Rahul
.NET (dotGNU too) Microsoft is really making it hard not to distrust them, aren't they? We already talked about Mono and Moonlight this weekend, and now we're notified of something else. Apparently, the Microsoft .NET Framework 3.5 Service Pack 1, released earlier this year, installs a Firefox extension which could not be uninstalled easily (registry hacking was needed). To make matters worse, this extension came with a pretty big security hole (at least, that's what everyone says). A newer version of this extension has been pushed out in May, which can be uninstalled the proper way. As it turns out, Firefox apparently has a limitation in that extensions installed at the machine level (instead of the user level) cannot be uninstalled from within the extensions GUI.
Thread beginning with comment 366591
To view parent comment, click here.
To read all comments associated with this story, please click here.
WorknMan
Member since:
2005-11-13

How *can* Firefox prevent it? How can Firefox distinguish between an extension installed through the Firefox interface, and an extension installed through something writing the exact same content to disk?


I don't know? Perhaps it could have a list of installed extensions in a file that was encrypted, so that outside apps couldn't write to it? Of course, it might get corrupted, but hey... there are smarter people than me to figure these things out ;)

Reply Parent Score: 2

Almindor Member since:
2006-01-16

So let me get this straight. An Microsoft installer inserts an unwanted firefox extension which is also a security hole and it's firefox that should "protect" against it?

Yeah right, why don't we tell application programmers to "protect" against malware abusing their programs via OS security holes huh?

Seriously Thom? Wtf is this? It's an obvious move by Microsoft and you're defending them?

Reply Parent Score: 2