Firefox disconnected from the "dangerous" WPF
On Saturday morning, many Firefox users saw a message about disabling the Windows Presentation Foundation plug-in, as stated, "representing a security risk."
Mozilla developers soon explained that a massive shutdown of the .NET Framework Assistant plug-in and its sister Windows Presentation Foundation was actually done through a central locking mechanism. This is due to a serious vulnerability identified in June. Microsoft itself recommends that its users disable the .NET Framework Assistant if they have not installed a patch for IE.
Microsoft was previously notified of the actions of Mozilla and gave the go-ahead, so the locking mechanism was launched on Saturday at about 5:00 am Moscow time.
')
Soon the contact was again representatives of Microsoft. They informed that the .NET Framework Assistant plugin does not actually pose a security risk and cannot be used to launch exploits for the aforementioned vulnerability. Immediately after this, the .NET Framework Assistant was unlocked . Thus, his quarantine lasted only about 48 hours. But the second plug-in of Windows Presentation Foundation still remains in the “black list”.
If it seemed to you that you did not install such a plugin in your browser, then keep in mind that the .NET Framework Assistant penetrated Firefox relatively covertly during the February Windows update (this was already discussed in Habré). Instructions for removing the Microsoft .NET Framework 3.5 Service Pack 1 from the system, see here (you must manually edit the registry, otherwise the service pack is not removed).
Mozilla developers soon explained that a massive shutdown of the .NET Framework Assistant plug-in and its sister Windows Presentation Foundation was actually done through a central locking mechanism. This is due to a serious vulnerability identified in June. Microsoft itself recommends that its users disable the .NET Framework Assistant if they have not installed a patch for IE.
Microsoft was previously notified of the actions of Mozilla and gave the go-ahead, so the locking mechanism was launched on Saturday at about 5:00 am Moscow time.
')
Soon the contact was again representatives of Microsoft. They informed that the .NET Framework Assistant plugin does not actually pose a security risk and cannot be used to launch exploits for the aforementioned vulnerability. Immediately after this, the .NET Framework Assistant was unlocked . Thus, his quarantine lasted only about 48 hours. But the second plug-in of Windows Presentation Foundation still remains in the “black list”.
If it seemed to you that you did not install such a plugin in your browser, then keep in mind that the .NET Framework Assistant penetrated Firefox relatively covertly during the February Windows update (this was already discussed in Habré). Instructions for removing the Microsoft .NET Framework 3.5 Service Pack 1 from the system, see here (you must manually edit the registry, otherwise the service pack is not removed).
Source: https://habr.com/ru/post/72786/
All Articles