Follow us on Twitter!
Imagination is more valuable than knowledge - Albert Einstein
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 31
Guests Online: 26
Members Online: 5

Registered Members: 82903
Newest Member: Piriformis
Latest Articles
View Thread

HellBound Hackers | Computer General | Increasing Security

Author

Microsoft drive by plugin affects Firefox users


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-10-09 17:43
Hey guys, long time no see. I hope this topic hasn't been raised before, but today Firefox has recently been showing that a new plugin called Windows Presentation Foundation had been installed. I don't recall installing it, so I google the name.
http://www.osnews. . ._Microsoft.
Code

Whilst it's not okay in Microsoft's eyes for Google to install a plugin into Internet Explorer, increasing the potential surface area of attack, when Microsoft do it to Firefox, it's a different matter. Now a security hole has been found in a plugin that Microsoft have been silently installing into Firefox.

Along with .NET Framework 3.5 SP1, Microsoft have been silently installing a Windows Presentation Foundation Plugin that allows the embedding of XAML applications (an XML-based UI technology) in web pages, called XBAP (XAML Web App).

The exploit is drive-by, meaning that the victim only needs to be lured onto a web-page for the attack to be effective. The only safe thing to do until a patch is issued, is to open Firefoxr17;s AddOn Manager and disable the WPF plugin.

Microsoft were caught earlier this year silently installing a r0;.NET Framework Assistantr1; plugin into Firefox, which could not initially be uninstalled. After some pressure from the press, Microsoft relented and provided an update to enable the uninstall button. That update then broke a number of other Firefox extensions.

The only thing that surprises me more, is that Ir17;m not surprised that Microsoft could be this incompetent when it comes to the safety of all users of the web using Windows, regardless if theyr17;re using IE or not.

With greater marketshare than ever before, and a firm position in the mainstream, every software vendor and their dog are wanting to integrate with Firefox. This has led to numerous unwanted, irritating and often uninstallable plugins to add themselves to Firefox. WPF is really only the tip of the iceberg.

Silently installing software on your computer that you are unaware of, is called malware in my book. Mozilla have the capability to blacklist plugins and addons if they misbehave or pose a threat. Frankly, if I were Mozilla, I would ban Microsoftr17;s plugins from Firefox until they provide an opt-in interface.

This also raises concerns with how Mozilla handle extensions and plugins being installed into the browser without the userr17;s permission. Whilst Firefox will bring up the AddOns Manager when a new extension is installed, the new extension is not disabled by default until you permit it (Mozilla are working on a proposal for this). External programs on the computer can install extensions into Firefox with nothing more than a registry key, and plugins that are added outside of Firefox itself will not be reported to the user (as in the case with WPF).

With good timing, Mozilla have been working on a Plugin Check system to ensure that users are kept up to date with plugins, which pose a security threat and are a part of the browser users are often unaware of. This follows Mozilla alerting users to an out of date Flash Player version on their landing page for updated Firefox versions.

HTML5 promises to reduce the need for plugins by providing much of the same functionality natively, in the browser via SVG, JavaScript and native video and audio elements. In my opinion, Mozilla need to take a hard stance and stop this plight of plugins as it may turn people off of using Firefox, not least lead to bad press as more plugins are used as exploit vectors in the face of growing Firefox marketshare.







Author

RE: Microsoft drive by plugin affects Firefox users


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-10-09 00:33
Microsoft should have at least warned users. Now its tarnished their users trust and their own reputation.
Author

RE: Microsoft drive by plugin affects Firefox users


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-10-09 00:34
MrTeeny wrote:
Microsoft should have at least warned users. Now its tarnished their users trust and their own reputation.


You're implying Microsoft has a reputation, and a userbase that trusts them.
Author

RE: Microsoft drive by plugin affects Firefox users

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 18-10-09 01:27
Microsoft loves to shove the silent updates on us. Always check your IE add-ons and MS programs. Just uninstall anything sketchy. Same in firefox just uninstall the shit forever.


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: Microsoft drive by plugin affects Firefox users


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-10-09 01:34
korg wrote:
Just uninstall anything sketchy.


Uninstall Microsoft® operating systems? Good idea!
Author

RE: Microsoft drive by plugin affects Firefox users

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 18-10-09 01:41
f16e7 wrote:
Uninstall Microsoft® operating systems? Good idea!


Ha, Now that's a good one!


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: Microsoft drive by plugin affects Firefox users

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 18-10-09 06:31
This is just another example of microsoft being incompetent while trying to hide things from its users. Shouldn't be a surprise, in fact I would have thought most people would come to expect this from them by now.

Move along, not really that big of a deal :ninja:


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: Microsoft drive by plugin affects Firefox users


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-10-09 12:02
Removal Instructions http://ffextensio. . .extension/
ffextensionguru.wordpress.com
In Windows Explorer go to this location:
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
This folder should contain 2 sub-folder and 2 files. Just in case for some odd reason you might need these files, create a zip or rar file containing these items and place it somewhere else.
Delete everything in this folder, but leave the folder
Restart Firefox and go to your add-ons list. The add-on should no longer be listed.
In the address bar type about:config
In the Filter field type general.useragent
Look for an entry called general.useragent.extra.microsoftdotnet
Right -click on the entry and select r16;resetr17;


and here as well
http://www.annoya. . .cle08-600)
annoyances.org
Open Registry Editor (type regedit in the Start menu Search box in Vista/Windows 7, or in XP's Run window).
Expand the branches to the following key:
On 32-bit systems: HKEY_LOCAL_MACHINE \ SOFTWARE \ Mozilla \ Firefox \ Extensions
On x64 systems: HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Mozilla \ Firefox \ Extensions
Delete the value named {20a82645-c095-46ed-80e3-08825760534b} from the right pane.
Close the Registry Editor when you're done.
Open a new Firefox window, and in the address bar, type about:config and press Enter.
Type microsoftdotnet in the Filter field to quickly find the general.useragent.extra.microsoftdotnet setting.
Right-click general.useragent.extra.microsoftdotnet and select Reset.
Restart Firefox.
Open Windows Explorer, and navigate to %SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation.
Delete the DotNetAssistantExtension folder entirely.
Open the Add-ons window in Firefox to confirm that the Microsoft .NET Framework Assistant extension has been removed.