• MS09-054 patch zaps Firefox

    Posted on October 17, 2009 at 07:14 CDT by Comment in the Forums

    Now it looks like this round of patches includes one, MS09-054, that messes up Firefox.

    If you have .NET Framework 3.5 SP1 installed, and you use Firefox, you’re opening up your system to all sorts of mayhem. The mayhem was supposed to be plugged by MS09-054, but it only made the situation worse. The problem? A Firefox plug-in that Microsoft installs called the Windows Presentation Foundation.

    Just in from the SANS Internet Storm Center:

    if you use Windows, install patches, and also have Firefox, oddly enough you will want to read the following Microsoft KB article entitled “How to remove the .NET Framework Assistant for Firefox

    UPDATE: Ryan Naraine at ZDNet has the details. Yes, Microsoft installed a “patch” with a security hole that affects Firefox. If you have automatic updates turned on, or you got fooled into installing MS09-054, you have to go into Firefox and manually turn off the bleeding add-on that Microsoft surreptitiously put on your computer.

    REALLY COOL UPDATE:

    I just re-started Firefox and it caught the two suckers. “Firefox has determined that the following add-ons are known to cause stability or security problems.” The culprits: .NET Framework Assistant and Windows Presentation Foundation. Both are blocked by default. Restart Firefox and you’ll be rid of the pests.

    Take THAT Microsoft…

    ANOTHER UPDATE: One reader left a comment about this patch, and I wanted to clarify. Yes, indeed, this patch was supposed to fix the earlier security hole created when Microsoft took it upon itself to install the .NET Framework Assistant in Firefox. (I cried about that patch in a blog entry four months ago.) While MS09-054 was supposed to fix the hole in Firefox introduced by Microsoft, it’s much smarter to simply disable Microsoft’s .NET Framework Assistant for Firefox. That’s exactly what Firefox has done. (Indeed, it’s what Microsoft recommended!) It isn’t clear, at this point, if MS09-054 makes the problem worse or not – thus the markthrough edits to the beginning of this post.

    Windows Patches/Security , , ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.