Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sneaky Microsoft Add-On Put Firefox Users At Risk

Posted by ScuttleMonkey on from the bad-microsoft-no-donut dept.

CWmike writes to mention that the "Windows Presentation Foundation" plugin that Microsoft slipped into Firefox last February apparently left the popular browser open to attack. This was among the many things recently addressed in the massive Tuesday patch. "What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox. The usual 'Disable' and 'Uninstall' buttons in Firefox's add-on list were grayed out on all versions of Windows except Windows 7, leaving most users no alternative other than to root through the Windows registry, a potentially dangerous chore, since a misstep could cripple the PC. Several sites posted complicated directions on how to scrub the .NET add-on from Firefox, including Annoyances.org."

5 of 333 comments (clear)

  1. Re:Not true by Neon+Spiral+Injector · · Score: 4, Interesting

    That may not be entirely true. Have a look at this:
    http://adblockplus.org/blog/the-return-of-net-framework-assistant

  2. Re:Sabotage? by jamstar7 · · Score: 4, Interesting

    Too many movies makes you think strange things. For instance most people see the CIA as a bunch of bad asses with cell phone watches that project holograms of your dossier into thin air while sending you messages via ESP. Real life: rotary phones, paperwork in triplicate, and a gigantic fucking bureaucracy that thinks pagers are still useful.

    Or the idea of NSA 'agents' running around shooting up everything in sight (because the CIA isn't the big Boogie Man anymore). Real life: Bunch of bureaucrats overseeing a bunch of pastyfaced nerds and cubicle rats busy doing signal intercepts and codebreaking. Though the bandwidth and internet access is great, I hear...

    --
    Understanding the scope of the problem is the first step on the path to true panic.
  3. Re:Sabotage? by interkin3tic · · Score: 4, Interesting

    Not surprisingly this comment is sitting here unmoderated

    Only for half an hour. An hour later, it is up to +5. I guess the "nucleation" for moderations is the slow step, it has seemed to me that most moderations are done on posts already moderated once. Looking over my comments, I usually notice that most of my posts are unmoderated, the ones that are are usually moderated more than once. I don't really think my posts are either +5 great or +0 meh. Most people with mod points must be lazy and don't browse in full.

  4. Re:Sabotage? by shutdown+-p+now · · Score: 4, Interesting

    Ok, seriously. Why Algol-60?

    Because it is one of the three languages that started it all, and one that affected all existing mainstream languages most. Curly braces of C, and the block construct that they represent, began their life as "begin .. end" in Algol-60.

    Because it is at the same time a very beautiful language - especially considering the time when it was designed - and one with some very advanced constructs, not found even in many modern languages, that can pose significant challenge to implement efficiently, especially in an otherwise constrained environment such as sandboxed CLR. To list a few such features: computed goto, label variables/function arguments and the associated nonlocal goto, arbitrarily nested functions with variable capturing, and call-by-name. Challenges are fun.

    Because it's a very important milestone in history of CompSci in general, and language design in particular (in case it's not quite obvious yet, I'm a language design geek), a piece of it that I wish to preserve. Apparently, I'm not alone in that, either - there's also GNU Marst - curiously enough, written by another Russian dude.

    Because Simula-67 (the first OOP language ever, and the ultimate ancestor of virtually every statically typed OO language today, including C++, Java and C#) is a strict superset of Algol-60, and I wanted to go after it next.

    And, of course, just for fun. I mean, this is Slashdot, right? We routinely get people installing KDE2 on NetBSD running on toasters with 7-segment indicators here; I think my little fetish is relatively benign in contrast.

    (To bring the above references to Algol-60 language features into some context for those not familiar with the subject, the final Algol-60 language spec is here; it's a fairly short read.)

    After all everybody her on SlashDot knows that Algol-68 is the most recent version!

    Algol-68 is an entirely different language from Algol-60. It's not evolutionary, but a complete, ground-up redesign, by very different people. It's also a very interesting one, and important in its own right, since C borrowed a lot of things from it, down to keywords (VOID, INT, SHORT, LONG, STRUCT and UNION are all Algol-68 keywords with virtually the same meaning they have retained in C).

    It would be fairly interesting thing to implement as well, but in many ways it's a much more rationally designed language than Algol-60, dropping some overly exotic and complicated features, and, consequently, implementing it is less of a challenge (I guess they had had enough real-world experience writing compilers by then to conclude that some features of Algol-60 looked good on paper only...).

  5. Mozilla is on top of it, though by macraig · · Score: 4, Interesting

    This screen capture of a dialog I saw tonight demonstrates that Mozilla is paying attention and doing something about it, though: