Sneaky Microsoft Add-On Put Firefox Users At Risk

CWmike writes to mention that the "Windows Presentation Foundation" plugin that Microsoft slipped into Firefox last February apparently left the popular browser open to attack. This was among the many things recently addressed in the massive Tuesday patch. "What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox. The usual 'Disable' and 'Uninstall' buttons in Firefox's add-on list were grayed out on all versions of Windows except Windows 7, leaving most users no alternative other than to root through the Windows registry, a potentially dangerous chore, since a misstep could cripple the PC. Several sites posted complicated directions on how to scrub the .NET add-on from Firefox, including Annoyances.org."

You didn't expect it?

[Random2]

After all, they've done this before. Unless we catch them ,they're going to do whatever they can to remove their competition.

Re:Sabotage?

[Ethanol-fueled]

RTFA, It's a Microsoft vulnerability running on top of (within?) Firefox. Like ActiveX v2.0 for FireFox.
Microsoft owns Windows and so they can make whatever the hell they want work with it as annoyingly and as unsafely as possible, in any way that they wish.

Re:Registry Danger!

[drsmithy]

This kinda invalidates the argument that Windows fanboys have been spouting for years, namely "...but in Linux/BSD/Whatever, you have to edit files, which is too hard for Joe Sixpack to do!"

The big difference is that Registry editing is extremely uncommon in Windows. Trawling through textfiles in Linux (or BSD) is - ironically - something you're almost certainly going to have to do as soon as you step off the narrow path of basic setup and usage.

If you bork the registry, discover it's borked only after a full reboot/log-in, then try to reboot again thinking it's some other problem, that backup copy of the registry just went 'pfft!', and you may or may not be able to get to a point where you can use System Restore

If it booted far enough the first time to delete the backup, then it booted far enough to get to System Restore.

The registry makes a great place to hide stuff in (see also half the malware to come down the pike in the past 9 years)

No more so (and probably far less so) than the maze of rc scripts in your average Linux or BSD.

Re:Registry Danger!

[BikeHelmet]

You're absolutely correct. It's far more dangerous editing a linux conf file than it is editing the registry. (I should know - all my mounts vanished when I used spaces rather than tabs in fstab)

But some stupid person will go crazy and delete everything in the registry if you don't put up those scary warnings.

In all my years of windows use, and frequent registry editing, I've never caused a serious problem by deleting stuff. I always make a backup of keys, just in case, but I've never needed to restore one.

Re:except Windows 7

[BitZtream]

Dear moron,

The way this hooks in is a FEATURE OF FIREFOX. MS didn't do anything special. It takes 1 registry key to do this. Please shut the fuck up about stuff you don't know anything about.

They aren't modifying Firefox, they are adding a registry key, which firefox checks, that tells it to load a plugin as if you installed the plugin yourself.

Its made so you can install firefox plugins globally, to all users rather than one specific user. Its a way that sysadmins can roll out a plugin to an entire organization.

They aren't sabotaging a rival product, the added a plugin which had a bug in it.

Again, please shut the fuck up about things you completely don't understand, its not outrageous, its not unique, its not special, its just a fucking bug. God damn, I've been a fan of OSS for years, I am however, beginning to get incredibly tired of hearing morons like yourself shoot off at the mouth as if you have a clue and talking about how evil some non-OSS software package is.

Get a fucking clue or shut the fuck up, you're just making yourself and the rest of the OSS look like morons to anyone with even half a clue about how this works. The world isn't out to get your favorite pet OSS project, really, no one really gives a fuck, not even Microsoft. God, ignorant loud mouths like yourself need to be hung up by your balls until you learn to get a clue before running your trap.

Re:Registry Danger!

[BitZtream]

So let me get this straight ...

Firefox uses the registry to locate globally installed plugins. IT reads these keys when it boots to look for plugins it should load ... and that is MS's fault?

Do you realize that MS only utilized the interface Firefox created to register plugins globally?

MS doesn't require that you 'hack the registry', Firefox does.

So, if you correct all the inaccuracies in your statement and make it correct, it turns into something like:

Firefox will NEVER be ready for the desktop until you can remove a plugin without hacking the registry.

Wow, that sounds retarded doesn't it, and that statement is actually pointing to the right person.

Riddle me this, what SHOULD be used to find plugins? How do apps that want to install plugins for Firefox find its install? What happens when you install a PDF reader before Firefox, do you want to have to reinstall the PDF reader so that NOW it can install the Firefox plugin?

People about 100 times more clueful than you, at Mozilla, decided to use the registry for good reason, do a little research before you start telling others they did it wrong, or at the bear minimum, stop blaming Joe the Janitor in Kansas for Tsunami wiping out some islands in the Pacific.

Re:I don't have any problems with the DOT net...

[BitZtream]

Awesome, now other than stroking your own ePenis because you think running Fedora makes you cool, what actually do you use that machine for that can be considered useful to someone on the planet? What exactly is the impressive part of running Fedora that made think you should tell us all that you do. This is slashdot, 90% of the people here run Linux, its not impressive to anyone on this site. Its great that you can browse porn on your cute little Fedora machine, but no one gives a shit what OS you run.