Saturday, October 17, 2009

Microsoft Minefield

I got this dialog today telling me that the Microsoft .NET Framework extension and the Windows Presentation Foundation plugin "are known to cause stability or security problems" and that "these add-ons have a high risk of causing stability or security problems and have been blocked, but a restart is required to disable them completely".

Well, I thought as this is a nightly trunk build and some new code is being tested and Mozilla are teasing the Borg again. Not so! The more information link leads to http://www.mozilla.com/en-US/blocklist/ which itself leads to Bug 522777 where the add-on has been blocked because of a remote code execution vulnerability - i.e. go to the wrong website and Bad Things will happen. So a lot of people are going to see this soon (as the framework assistant was installed by .Net 3.5 SP1). In fact, from reading the bug and around, I can't really see why the framework assistant was blocked, except as a bit of punishment. Mind you, I was never really sure why they bothered in the first place as ClickOnce apps (KeyMapper has a ClickOnce install option) work OK in FireFox as long as you are prepared to ClickTwice, once to get the manifest and then run that to get the app: the way they initially installed it in such a way as it could only be removed by editing the registry and not by the usual channels was a huge faux-pas as well, for obvious reasons. Still, we all make mistakes.



Edit: I don't remember Flash ever getting blocked, and it has had some nasty bugs as well..

1 comment:

Web Solutions said...

Apart from restart option we can disable these options!
- J.
Web Solutions