Saturday, October 17, 2009

Microsoft Minefield

I got this dialog today telling me that the Microsoft .NET Framework extension and the Windows Presentation Foundation plugin "are known to cause stability or security problems" and that "these add-ons have a high risk of causing stability or security problems and have been blocked, but a restart is required to disable them completely".

Well, I thought as this is a nightly trunk build and some new code is being tested and Mozilla are teasing the Borg again. Not so! The more information link leads to which itself leads to Bug 522777 where the add-on has been blocked because of a remote code execution vulnerability - i.e. go to the wrong website and Bad Things will happen. So a lot of people are going to see this soon (as the framework assistant was installed by .Net 3.5 SP1). In fact, from reading the bug and around, I can't really see why the framework assistant was blocked, except as a bit of punishment. Mind you, I was never really sure why they bothered in the first place as ClickOnce apps (KeyMapper has a ClickOnce install option) work OK in FireFox as long as you are prepared to ClickTwice, once to get the manifest and then run that to get the app: the way they initially installed it in such a way as it could only be removed by editing the registry and not by the usual channels was a huge faux-pas as well, for obvious reasons. Still, we all make mistakes.

Edit: I don't remember Flash ever getting blocked, and it has had some nasty bugs as well..

1 comment:

Web Solutions said...

Apart from restart option we can disable these options!
- J.
Web Solutions