Microsoft quietly installs a massive security vulnerability in Firefox

[Evil Edna]

Just saw this on anther forum that I use. The only reason I'm posting this is because that both windows computers in my house have suffered with Trojans that I've have spent the best part of a day cleaning up. Personally I don't have to worry about this, thank you Linux but my dad and sister on the other hand......
I found a very good av scanner that will identify and remove malicious software that will work with what ever AV your using now unless your AV is the nutts? anyway it got rid of there bug's. (Sorry avg wont cut it)
Malwarebytes.org
Anyway have a read on this explains whats going on.


in a surprise move this year, Microsoft has decided to quietly install what amounts to a massive security vulnerability in Firefox without informing the user. Find out what Microsoft has to say about it, and how you can undo the damage.

According to Annoyances.org, however, it does something that isn’t listed there — it installs the Microsoft .NET Framework Assistant extension for Firefox, silently, without informing the user. If you had Firefox on your computer when this update was installed, you may be subject to some dire consequences. In Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension, Annoyances.org says:

This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.

According to annoyances.org :
you can find it at this link http://annoyances.org/exec/show/article08-600

"Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension

Intended For
Windows 2000
Windows 7
Windows XP
Windows Vista

The Microsoft .NET Framework 3.5 Service Pack 1 update, pushed through the Windows Update service to all recent editions of Windows in February 2009, installs the Microsoft .NET Framework Assistant firefox extension without asking your permission.
This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may've originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.

Unfortunately, Microsoft in their infinite wisdom has taken steps to make the removal of this extension particularly difficult - open the Add-ons window in Firefox, and you'll notice the Uninstall button next to their extension is grayed out! Their reasoning, according to Microsoft blogger Brad Abrams, is that the extension needed "support at the machine level in order to enable the feature for all users on the machine," which, of course, is precisely the reason this add-on is bad news for all Firefox users.

Here's the bafflingly-convoluted procedure required to remove this garbage from Firefox:

Open Registry Editor (type regedit in the Start menu Search box in Vista/Windows 7, or in XP's Run window).
Expand the branches to the following key:
On 32-bit systems: HKEY_LOCAL_MACHINE \ SOFTWARE \ Mozilla \ Firefox \ Extensions
On x64 systems: HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Mozilla \ Firefox \ Extensions
Delete the value named {20a82645-c095-46ed-80e3-08825760534b} from the right pane.
Close the Registry Editor when you're done.
Open a new Firefox window, and in the address bar, type about:config and press Enter.
Type microsoftdotnet in the Filter field to quickly find the general.useragent.extra.microsoftdotnet setting.
Right-click general.useragent.extra.microsoftdotnet and select Reset.
Restart Firefox.
Open Windows Explorer, and navigate to %SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation.
Delete the DotNetAssistantExtension folder entirely.
Open the Add-ons window in Firefox to confirm that the Microsoft .NET Framework Assistant extension has been removed.
It will be a great day when PC users no longer have to waste this much time to protect themselves from those who write the software they use. (And if you're thinking, "Why not just use a Mac," may I remind you of the MobileMe junk recently installed on so many Windows machines without their owners' permission!)"

Here is a patch from MS that allows the user to uninstall this via the uninstall button in the Firefox Add-ons window so you don't have to go to the registry....
Download details: Update to .NET Framework 3.5 SP1 for the .NET Framework Assistant 1.0 for Firefox

 

[BensGrandad]

In short what does this mean to a thickie like me and how can I remedy it if it causes a problem.

 

[Superphil]

what exaclty is wrong with IE8?

 

[Evil Edna]

Tbh I have not had time to sort this out yet but from what I can see is click the bottom link and this will go back to framework for firefox. Then open the Add-ons window in Firefox to confirm that the Microsoft .NET Framework Assistant extension has been removed. Will test this tomorrow on sisters comp 1st then dads. He does not usually let me tinker with his comp.... So sister hog gets it first.

 

[Evil Edna]

Only came across this tonight about 15mins or so ago, dads comp was grinding like anything last night. I checked the task manger it had an agent.exe running so today I d/loaded that AV to get rid of it then did some other cleans on it. My sisters comp had a whopping 76 bug's on it. Lucky I came back for a home visit really. Like I say I only stumbled across this just now so I'm thinking that's the reason as they both use FF. And my dads safe with his browsing habits. Not sure about my sister though? I'm thinking not some how.

 

[disgruntled h blocker]

I wonder to what extent this is being blown out of proportion? Adding this .net function to a web browser is designed solely for web-apps to do live updates if they are using the Firefox client.

In another, less techie matter, it shows as much for Microsoft as it does for Mozilla. How well made can the browser be made for it to 'allow' the .net framework extension add-on to install itself and be enabled without going through application on_load checks in the first place?

 

[SNOOBS]

Can you just describe the problem is one sentence.

 

[disgruntled h blocker]

A windows update includes some additional functionality for third party browsers (firefox, opera etc) which may inhibit the ability for bogus / dodgy sites to download software onto the clients computer.

 

[Superphil]

A windows update includes some additional functionality for third party browsers (firefox, opera etc) which may inhibit the ability for bogus / dodgy sites to download software onto the clients computer.

Sounds like a good idea to me, is it not?

 

[disgruntled h blocker]

Sounds like a good idea to me, is it not?

But it's not as simple as that.

It's like people saying that hunting rifles should be banned because they can be used to shoot people....

 

[Evil Edna]

Ok this was bugging me a bit so I've just been downstairs on my sisters lappy and checked the extentions and can't see it there?

Like here.

Also had a look in the registry for this number {20a82645-c095-46ed-80e3-08825760534b} that I'm supposed to delete but I can't see it. Posted on the other forum that I'm on waiting for a reply. Will check my dads out tomorrow. hmmz

 

[bhaexpress]

Just checked my Firefox and all my stuff is bang up to date. There's nothing about it it present.

 

[Superphil]

If my Internet Explorer didn't work so well, I might give Firefox a go, but IE is just fine for me for now.

 

[TrickyOne]

Just been having a look, but can't see owt in this "Add-ons" thing. Does that mean it's ok or is it a case of searching deeeper?? I'm a bit of a divvy when it comes to computers tbh, further advice would tops.

 

[severnside gull]

Sometimes I'm glad I'm not a techie

 

[itszamora]

Sounds like a good idea to me, is it not?

I don't think inhibit was quite the word he should have used. This update apparently makes it easier for crap to get installed on your computer without you knowing, not harder.

 

[Evil Edna]

Just been having a look, but can't see in this "Add-ons" thing. Does that mean it's ok or is it a case of searching deeeper?? I'm a bit of a divvy when it comes to computers tbh, further advice would tops.

Well just had a look on my dads pc and nothing. I looked deeper in the registry and found nothing, so I'm thinking everything OK. Unless someone tells me different,
the virus he had must of been just a coincidence.
Think I was jumping the gun? Would be very intrested to hear if anyone has this in there FF extensions.

 

[NMH]

Bunch of arse.
Drivers could not be installed, something about being on a CDRom and HP photo imaging or some shit.

 

[Evil Edna]

Bunch of arse.
Drivers could not be installed, something about being on a CDRom and HP photo imaging or some shit.

Wind up?

 

[gullshark]

I think it's a bad idea for blind updates on user's computers. It's MY computer, the software on it is the software I want - if anything sees the need to install additional unwanted components WITHOUT prompting me then I seek an alternative.

And in the question to 'What's wrong with IE8?' is that IE6 and 7 were buggy, full of security holes and in general behind the competition - IE8 may address a load of these issues but it still cannot even match the customisability of FF. (I've got advanced ad blocking and privacy features, a flash blocker (so I don't have to load them if I don't want to), FireBug (fantastic web development plugin/console), GreaseMonkey (can write scripts to modify certain websites to strip out ads or add functionality - Userscripts.org: Power-ups for your browser)