The Inquirer-Home

Mozilla shoots Microsoft plug-in

Security risk, briefly
Mon Oct 19 2009, 11:14

A BIG CHEESE at the Mozilla Foundation first ordered a Volish plug-in to be shot as a security risk and then decided it was alright really.

The Firebadger developers blocked a Firefox plugin that had been quietly pushed out by Microsoft, saying that it presents a security risk.

The add-on was released by the Vole as part of a .Net software update last February. It could be disabled but was tricky to completely remove.

The Vole has warned that Firebadger users who have not applied a recent Internet Explorer patch that they were vulnerable to a "browse-and-get-owned attack" because of the add-on.

It said that if users had installed the update for Internet Explorer they would be safe. Quite why anyone would install anything for Internet Exploder if they did not use it, Microsoft did not say.

Mozzarella responded by automatically blocking two add-ons - the Microsoft .Net Framework Assistant and a related plugin called the Windows Presentation Foundation.

Given that most users will probably have installed the Volish upgrade this is shutting the door not only after the horse has bolted but also after it moved to another country and set itself up under an assumed name.

However when we woke up this morning the so called security threat was nothing of the sort.

Mozzarella apparently has had a rethink and decided that the 'security threat' is really nothing to worry about after all and unblocked it.

Mozilla's Vice President of Engineering, Mike Shaver, after first claiming in his blog that Microsoft agreed to this plan, is now saying that he changed his mind after the Vole told him that the Framework Assistant was not "a mechanism for exploiting the vulnerabilities". µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?