The Active Network

  Firefox Squashes a Buggy Microsoft Plug-In
Time: 01:42 EST/06:42 GMT | News Source: Yahoo News | Posted By: Kenneth van Surksum

Redmond turned red-faced upon learning that an automatically installed Microsoft Windows Presentation Foundation plug-in for Firefox opened a major security hole. Following Microsoft's disclosure of the bug, Mozilla blocked the plug-in. According to Mozilla, Microsoft agreed with the move, even though it had released a patch to close the underlying flaw.

#1 By 2960 (68.100.201.101) at 11/25/2009 9:34:32 AM
Since when does MS have the right to even modify software that isn't its own?

I mean, really. This is Bullshit.

#2 By 13997 (71.193.149.254) at 11/25/2009 10:22:34 AM
#1 Because WPF is a standard API set for Vista and Windows7, and part of that standard API is the ability to launch or use web based WPF applications.

So since Firefox is running on Windows, they can do this, as it would be like Microsoft updating GDI dlls or any other core OS API set libraries that make up WINDOWS.

Seriously, it scares me sometimes that people really don't get it and instead go for the 'sensational' anti-MS insanity instead of just stopping and thinking for a freaking second.

#3 By 15406 (216.191.227.68) at 11/25/2009 10:56:14 AM
#2: You really are vying with Ketchum for the title of MS Apologist of the Year, aren't you?

Because WPF is a standard API set for Vista and Windows7, and part of that standard API is the ability to launch or use web based WPF applications.

MS doesn't have ANY right to modify Firefox settings or install plugins without at least informing the user. I don't give a rat's ass what kind of API set it is and for which OS. That's all completely irrelevant. Completely.

Seriously, it scares me sometimes that people really don't get it and instead go for the 'sensational' anti-MS insanity instead of just stopping and thinking for a freaking second.

What scares me is that we have people like you and Ketchum that try and cover for MS at every turn. See, it's this exact kind of behaviour from MS, over periods of many, many years, that make people freak out on them and assume the worst. Here you are trying to spin people's natural suspicion of Microsoft to make them appear ignorant or ill-informed. TechLarry gets it all right, a lot more than you seem to.

#4 By 37 (192.251.125.85) at 11/25/2009 11:31:12 AM
I saved a bunch of money by switching to Geico.

#5 By 15406 (216.191.227.68) at 11/25/2009 12:04:25 PM
#4: It was so cheap that even a caveman could afford it?

#6 By 13997 (71.193.149.254) at 11/25/2009 4:15:39 PM
#3 "MS doesn't have ANY right to modify Firefox settings or install plugins without at least informing the user. I don't give a rat's ass what kind of API set it is and for which OS. "

Really? So when Firefox installs on MICROSOFT WINDOWS it should also then inform the user of every Registry and document handling changes it makes to the OS? Using your standard here...

Going even further if Windows updates GDI DLLs it should inform the user for every single change, and then list every application that uses those DLLs? Firefox by default accepts usage rules by running on Windows and using the OS API sets.

Windows simply 'brought' the WPF API feature set current and enabled it for Firefox. On the other hand if Microsoft did not support or enable this for Firefox, idiots, which you may be, would be yelling that Microsoft is locking Firefox out from using basic features and APIs of the OS.

Get it?

Besides, Firefox could have blocked or prevented this from installing or not used it, they DID NOT...



"What scares me is that we have people like you and Ketchum that try and cover for MS at every turn."

Cover for what? Just the fact that you BELIEVE that things need to be covered up implies that you assume nefarious actions by Microsoft. You are the one with the BELIEF system that apparently when I or other pokes holes through with facts that you find your reality threatened...

Facts are facts, and this is where your opinion doesn't mean crap...


#7 Really? Ok... (Edited to fit the AW passive aggressive rules, i.e. call people liars, idiots or stupid, just don't say it directly. Of course this doesn't count 'MS Apologist', 'fanboi', 'shill' or other passive form name calling that people like Latch do daily and you don't seem to mind. - For examples, just read above... Geesh.)


This post was edited by thenetavenger on Thursday, November 26, 2009 at 05:30.

#7 By 37 (96.42.32.6) at 11/25/2009 4:22:36 PM
"idiots like you"

Name calling isn't necessary. Please edit post accordingly.

#8 By 89249 (70.177.99.131) at 11/25/2009 8:32:20 PM
modify software that isn't its own

Addons are addons and file types are file types. When you install Acrobat on your machine it allows pdfs to be opened in browsers. When you run xbap There is pretty much nothing different here. If it had launched a new process to be hosted inside the browser would this be "ok"?

Frankly, those looking to bitch about MS found another reason.

Don't like it? Uninstall the .Net Framework and/or Windows. Otherwise enjoy :)

Oh look just installed Adobe Reader. No window with flashing lights came up and told me BUT IT MODIFIED MY FIREFOX. GRAB UR PITCH FORX

http://i45.tinypic.com/x5xchj.jpg

Sigh.

This post was edited by MrHumpty on Wednesday, November 25, 2009 at 20:33.

#9 By 89249 (70.177.99.131) at 11/25/2009 8:36:17 PM
Oh and Avenger phrase it correctly when you're calling a spade a spade:

"Those who are utterly foolish or senseless like you"

#10 By 23275 (68.117.163.128) at 11/26/2009 1:17:21 AM
I'm glad Avenger is calling things out as they actually are and understand his frustration.

We're in upside down world these days. As long as one's remarks are anti-Microsoft, or anti-business, or anti-American it's okay to say whatever you want, however you want it.

You can call people names and liars all while lying and obfuscating the truth.

If you're really good at this work and understand Microsoft's platforms you're branded a shill. If you share solutions about how to get the most out of those platforms, you're a rabid Microsoft fanboi.

If you're a liberal and for huge government, but don't drive a business, or hire people and generate any wealth, you're on the good team and cool and can say whatever you want and it does not matter if it is at all backed up by a single fact. It's all to be taken as gospel.

It's refreshing to see a sharp as a razor guy come in here and tell it like it is and share some of the science and when lines are crossed and sensitivities touched with a needle, too bad - Net's comments are tame compared to the far more offensive and deeper things that are written here.

I say, rip them to shreds, Avenger - smack em around with facts and the truth around the platforms. The reality is that Microsoft makes a lot of software that is used by a lot of people and a great many businesses. That reality demands that smart people who know what they are doing have to actually get things done. Trying to get the most out of that software and work with what "is" does not make a person a shill, or a fanboi, or a liar or a sell out, or anything else bad at all. It makes one a sober, practical man that has things to do. This site needs guys like Avenger. I'd hate like hell to have invested so much in this place and developed so long for it, to see it populated with nothing but detractors that offer nothing.

#11 By 15406 (216.191.227.68) at 11/26/2009 8:31:25 AM
#6: Really? So when Firefox installs on MICROSOFT WINDOWS it should also then inform the user of every Registry and document handling changes it makes to the OS? Using your standard here...

That's not the same thing at all and you know it.

Get it?

I get that it isn't right. The cry of outrage when it happened means others get it too. MS apologized and changed it, so they get it too. Everyone gets it but you and the MS peanut gallery.

Besides, Firefox could have blocked or prevented this from installing or not used it, they DID NOT...

What?? I think you're confused or something. How is FF supposed to know that MS installed this plugin clandestinely without any user knowledge or approval?

Just the fact that you BELIEVE that things need to be covered up implies that you assume nefarious actions by Microsoft.

Have you been elsewhere for the past 20+ years? MS has earned its reputation as a company not to be trusted, a company that you must always question their real agenda, a company where you must always look for the hook or string. You seem to be one of those people that believes that MS should be able to do and get away with whatever it pleases. Most of the world disagrees.

Facts are facts, and this is where your opinion doesn't mean crap...

Yes, and dogs are dogs and cats are cats. What's your point again? Your entire post was opinion, but you're now talking about facts for some reason.

Really? Ok... (Edited to fit the AW passive aggressive rules

Somebody call the wahmbulance. I think we've got a crier.

#8: Don't like it? Uninstall the .Net Framework and/or Windows. Otherwise enjoy :)

I've got a better option. How about we complain about their actions until they are shamed into changing their behaviour so that it doesn't happen again?

Oh look just installed Adobe Reader. No window with flashing lights came up and told me BUT IT MODIFIED MY FIREFOX. GRAB UR PITCH FORX

Ah yes, the old "other people do it so it's perfectly OK" defense. My 5 yr old comes up with better excuses than that. The fact that Adobe does it doesn't make it right for MS to do it. Adobe is almost as bad, except that I don't have to use Adobe products to get my work done. As a leader in the industry, it's up to MS to set the example, not to follow the bad example of others.

#12 By 15406 (216.191.227.68) at 11/26/2009 8:32:22 AM
#10: I knew you would be along shortly to back up your brigade.

I'm glad Avenger is calling things out as they actually are and understand his frustration.

No, you're just here for moral support for a fellow MS cheerleader. He could have claimed that the Sun revolved around the Earth and you'd be leading the standing ovation with Humpty right behind you.

We're in upside down world these days. As long as one's remarks are anti-Microsoft, or anti-business, or anti-American it's okay to say whatever you want, however you want it.

Isn't freedom of speech wonderful? Or do you only respect it when people are saying things you agree with? btw anti-MS != anti-business/anti-USA. I'm surprised you didn't throw in mom and apple pie for good measure.

If you're really good at this work and understand Microsoft's platforms you're branded a shill.

No. If you constantly apologize for, explain away or just flat-out deny MS's regular shenanigans THEN AND ONLY THEN would you be called a shill, and even then there is no evidence of lucre changing hands so it might just be a case of run-of-the-mill fanboyism. Either way the effect is the same: constant apologies and denials.

I say, rip them to shreds, Avenger - smack em around with facts

Good luck with that. Isn't he another one of those guys that disappears when he ends up at a disadvantage in the debate? Maybe you could spare him some of your facts. You seem to have an endless supply from the MS Get The Facts site.



#13 By 28801 (71.58.225.185) at 11/26/2009 9:41:24 AM
Bottom Line - This was not some clandestine plot hatched by MS to take over the world as Latch would have you think. This was probably a bad decision made by some mid-level executive. As Latch pointed out, "MS apologized and changed it". What's the big deal?

That said, MS should have alerted the user about the install of the plugin.

One observation - Latch, in nearly all your posts there is some smug little comment meant to belittle the other poster. We're all guilty of it once in a while, but you've taken it to a new level. You claim to be on some mission to inform the world and specifically this community that MS is the evil empire and every move they make is to the detriment of computer users all over the world.

Nearly 3200 posts later, you've swayed no one. Hang in there though - disparaging remarks and sarcasm have always been good tools to sway opposing views (see).


This post was edited by rxcall on Thursday, November 26, 2009 at 09:42.

#14 By 241766 (216.191.227.68) at 11/26/2009 10:27:50 AM
#8: When you install Acrobat on your machine it allows pdfs to be opened in browsers

This is called Argumentum ad populum, or Argument from popular opinion. This is a logical fallacy. As Latch points out, just because others do it does not mean that it is a valid thing for Microsoft to do.

#15 By 15406 (216.191.227.68) at 11/26/2009 10:50:05 AM
#13: This was not some clandestine plot hatched by MS to take over the world as Latch would have you think.

No, I don't believe it was a plot at all. I think it was a boneheaded, inconsiderate decision. I just don't agree with that practice and said so against the usual AW gang that thinks MS can do no wrong. In this thread, I was backing TechLarry who was being attacked by NA.

Latch, in nearly all your posts there is some smug little comment meant to belittle the other poster.

I tend to reply to people with the same level of respect that they show me. You've never really given me a hard time and I treat you with respect. Others try to tell me I'm a liar, ignorant or stupid, and I take exception to that. I can be a nasty f***er when provoked. If I think you're blowing smoke up my (or anyone else's) ass, I'll call you out on that. I call it as I see it and I will not apologize for that. That said, I only have to deal harshly with 4 or 5 users here. The rest I have no problems with. Even then, Ketchum keeps it civil and I try to do the same.

Nearly 3200 posts later, you've swayed no one.

You have no idea as to whether that is true or not. I started posting here not to underscore MS's nonsense but to counter those who constantly spun everything as ridiculous pro-MS rainbows. I'm also aware that MS funds astroturf groups that use blogs & web forums to sway popular opinion in MS's favour. I don't believe that anything I say can sway the true believers here, but there are a lot of lurkers who read these forums. Part of it is that I enjoy arguing/debating. That's why I haven't been scared off over the years when holding my own against numerous microbot offensives - like this thread. Apparently, microbots think MS should be able to do whatever it wishes to your systems. Reasonable people take exception to that point of view. It can't be any more black and white than that.

#16 By 89249 (70.177.99.131) at 11/26/2009 10:59:27 AM
#14 - lol @ legal analogy. There are plenty of stand alone software providers that install plugins into the browsers that exist on the system at the time of installation.

The fact that it has been popular to do this with software packages for a decade or more provides legal reasoning for MS to do the same if we're going with legal views on the subject.

Now if you had been in court where a local city council required every household to have a dog or cat using the fact that most people have either a dog or cat... your application of popular opinion would be valid.

This is an instance of perceived convenience by the manufacturer. I don't believe it to be misplaced but cries of "This is Bullshit." or descriptions of those who disagree that there was malice exemplifies "MS Apologist of the Year" is childish and dumb.

Move along, there are much bigger issues in the computer industry than that of the .Net Framework installing a plugin to browsers on a system.

#17 By 241766 (216.191.227.68) at 11/26/2009 1:44:39 PM
#16: The fact that it has been popular to do this with software packages for a decade or more provides legal reasoning for MS to do the same if we're going with legal views on the subject.

Your counter to my accusation of you using a logical fallacy is to use the same logical fallacy? Incredible! "They did it first!" is your argument? What are you, 6 years old? People have used Rohypnol (roofies) to rape women for over a decade, and quite a few people have done this, but that reasoning does not mean you can go and buy some roofies and do the same thing whenever the mood hits you. That is why your argument is a logical fallacy.

The error Microsoft made was not displaying a simple pop-up indicating that it was going to install this plug-in into Firefox, and asking if it was allowed before proceeding or aborting. This simple step would have avoided the entire issue. I can opt out of any other Microsoft update they throw my way by simply deselecting it, but I didn't have that option with this alteration to my system. This was an arrogance on Microsoft's part, and that is why people are up in arms about it.

#18 By 28801 (71.58.225.185) at 11/26/2009 11:32:49 PM
#17: To compare the installation of a plugin on a browser with date rape demonstrates that you really don't have a grasp of the situation. Surreptitious installations such as these are not a crime. Humpty was suggesting that they are rather commonplace and have become somewhat tolerated if not accepted. This may or may not be true, but comparing it to date rape is just plain wrong. A better analogy might be people talking on cell phones in public; there’s no law against it, but it can be annoying.

Personally, I believe that there should have been a popup but let’s face it, we wouldn’t even be having this discussion if the plugin didn’t expose FF to a security hole. No one really cares about this silent install. It’s just an opportunity to hump Microsoft on another front.

#15: “I tend to reply to people with the same level of respect that they show me.” Apparently, you also tend to hold grudges since it was you that fired the first salvo in this thread – “You really are vying with Ketchum for the title of MS Apologist of the Year, aren't you?”


#19 By 241766 (216.191.227.68) at 11/27/2009 8:01:30 AM
#18: "To compare the installation of a plugin on a browser with date rape demonstrates that you really don't have a grasp of the situation."

Your statement clearly demonstrates that you do not have a firm grasp on reading skills. I was clearly not comparing Microsoft's actions to date rape. I was comparing MrHumpty's "it is okay for Microsoft to do it because Adobe did it first / also" argument to date rape, as an example of why it is bad logic. Nothing more. Next time, please try using both eyes when reading.

ETA: For the record, what you did was called the Straw Man logical fallacy, as you attributed to me things I did not actually say, to prop up your own slanted argument.

This site seems to be full of logical fallacies. I think logical fallacy bingo cards would work well here. :-) Or even a logical fallacy drinking game, where everyone has to take a drink every time a logical fallacy is pointed out. :-)

This post was edited by TheSkepticCanuck on Friday, November 27, 2009 at 08:11.

#20 By 15406 (216.191.227.68) at 11/27/2009 10:49:28 AM
#18: Apparently, you also tend to hold grudges since it was you that fired the first salvo in this thread

Grudges have nothing to do with it. NA was jumping on TL, so I jumped on NA. Not only that, but he was jumping on TL with an offensive MS fanboy opinion that most people find objectionable. Considering Ketchum usually carries the water for MS, NA has been very active lately in that same role. I was calling a spade a spade.

#21 By 28801 (71.58.225.185) at 11/27/2009 10:55:01 AM
#19: Apparently, you are the one with the comprehension issue since I had to spoon-feed Humpty's obvious meaning to you. Once again, he was not giving the "they did it first, so it's OK for me to do it" argument, he was implying that it has become a commonplace and accepted practice. In post #16 Humpty states “The fact that it has been popular to do this with software packages for a decade”.

This is the true debate!

Personally, I'm not sure I agree with Humpty; this practice may be commonplace but it is more tolerated than accepted. I think Microsoft has demonstrated by their corrective actions that they don’t agree with the practice either.

You can hide behind the C+ you got in 10th grade Debate class all you want, the bottom line is that your date rape comparison sucked like a buck-toothed virgin with braces.


This post was edited by rxcall on Friday, November 27, 2009 at 12:22.

#22 By 13997 (71.193.149.254) at 11/27/2009 3:18:32 PM
Somehow this thread has gotten even uglier and more insane.

#20 Latch - You were just jumping into something to 'save' TL? Really, you think people need YOU to defend their viewpoints or posts? Delusions of Grandeur a bit much...

The irony is that you ‘weigh in’ on subjects that you seem to know nothing about, again only when they somehow poke a hole in your view of reality. And again you go on and on about how horrible Microsoft is and blah blah gag.

Don’t you ever get tired of the same repetitive inane rambling that often has little to do with the topic and is just a way for you to rip into Microsoft for some sick personal pleasure?


#11 – 19 The real argument here is where the boundaries are between software an OS and ADDITIONAL software and what was crossing that line.

The user had already permitted .NET 3.0 to be installed, along with the IE ‘controls’ and other system modifications. If you NEVER permitted or installed .NET 3.0 on your computer, guess what, you didn’t get the update and you didn’t get the Firefox plugin. This was NOT forced on users. DO YOU HEAR ME LATCH?

Firefox playing the ‘innocent’ victims in this story is a bit disturbing, considering they had PRIOR knowledge about the MS .NET update and Firefox plugin, and had NO problems with it whatsoever. These types of updates and this Plugin was not just magically added without people on the Firefox team knowing it was scheduled and even working with Microsoft, as they wanted to be sure web base WPF applications worked in Firefox too.

If the plugin in Firefox hadn’t created an exploit, people to this day would NOT be complaining about it, or even care. Which makes it even harder to define where the boundaries are between software on a user’s computer should be, because without the exploit, the boundaries are significantly different than they are with the exploit.

#23 By 12071 (124.171.4.239) at 11/27/2009 6:35:03 PM
#22 "The real argument here is where the boundaries are between software an OS and ADDITIONAL software and what was crossing that line. "
According to you there is no boundary - it's Microsoft's OS therefore any other application of theirs can modify anything, anywhere, anytime because it's Microsoft's OS. How about an initial line of what's in "program A's" directory can only be modified by an update to program A or by any other application as long as it a) notified the user of said change and b) allows them to opt out of that part of the change.

"The user had already permitted .NET 3.0 to be installed, along with the IE ‘controls’ and other system modifications."
Where in that sentence did it mention FireFox? Or any other browsers for that matter? So he didn't actually permit it to update FireFox then you'd have to agree.

"Firefox playing the ‘innocent’ victims in this story is a bit disturbing, considering they had PRIOR knowledge about the MS .NET update and Firefox plugin, and had NO problems with it whatsoever. These types of updates and this Plugin was not just magically added without people on the Firefox team knowing it was scheduled and even working with Microsoft, as they wanted to be sure web base WPF applications worked in Firefox too. "
Care to post some evidence that backs this up? Sure Mozilla and Microsoft worked together on the plugins AFTER the fact but I'm curious about all this stuff that you say happened beforehand.

"If the plugin in Firefox hadn’t created an exploit, people to this day would NOT be complaining about it, or even care."
That's true... no-one complained, talked about or even cared about the first time Microsoft did this with the .net framework assistant addin:

http://robertnyman.com/2009/01/26/microsoft-force-installs-firefox-extension/
http://tech.slashdot.org/article.pl?sid=09/02/01/2143218
http://blogs.techrepublic.com.com/security/?p=1716
http://www.u-g-h.com/2009/01/30/microsoft-net-framework-35-violates-firefox/
http://www.lehsys.com/2009/05/firefox-microsoft-net-framework-assistant-just-say-no/
http://voices.washingtonpost.com/securityfix/2009/05/microsoft_update_quietly_insta.html
http://www.geek.com/articles/news/microsoft-net-update-installs-firefox-add-on-without-permission-2009061/
etc etc etc...

#24 By 23275 (68.117.163.128) at 11/27/2009 7:42:06 PM
No software, from any company, regardless of intent, should ever install any other software on a computer that the end user is not aware of, and approves of. Ever!

Nearly all companies violate this and it should not be the case. Dependent software needs to be identified to end users and the uses of it explained clearly.

The relationship between software publishers and users needs to evolve and become much more open and transparent. Customers at every level have to be informed and provided clear information on what software is doing and with whom it is communicating.

Most people would be shocked at the number and type of connections their software is initiating and maintaining. They need to know what they are and be able to decide if they want it.
