Slashdot Mirror
Mozilla Unblocks Microsoft's .NET Addon
bonch writes "Mozilla previously blocked the Firefox addons Microsoft included with .NET, citing security concerns. After talking with Microsoft, they have now unblocked the .NET Framework Assistant addon and are working on a way for enterprise users to unblock the Windows Presentation Foundation addon as well."
Now I'll admit that there are only a few posts above mine, but already they are generally negative. Which I don't get.
Isn't this a good thing?
Microsoft releases a couple of Firefox plug-ins.
A security vulnerability was discovered in the plug-ins.
Mozilla disables the plug-ins.
Microsoft and Mozilla has a talk about the the vulnerability and it appears that one of the plug-ins aren't vulnerable.
The plug-in is re-enabled.
As far as I can tell, this is the system working properly.
Because of course blocking a program the user chose to install is completely comparable to a program the user chose to install blocking a plugin they didn't choose to install or even knew had installed and was just as difficult to get rid of as most malware.
A bullet may have your name on it but splash damage is addressed "To whom it may concern."
'Ubuntu firefox modifications' plugin also can't be deleted from within firefox.
I'm not arguing for or against your proposal, just that it would need to be consistently applied.
Further, why is Mozilla.org is allowing a mode where any Tom Dick or Harry can drop in a bunch of files in the install directory and suddenly all the users get the extension on by default? Since it is in the instal dir, individual users cant even disable them or uninstall them. The existence of such a mode itself is a big security hole. If IE has a hole and allows a drive by download of a file into Firefox install dir, boom, you get a vulnerability in Firefox. Already there are reports that installing an HP printer gives and unwanted, unasked for and unpermitted extension added to Firefox. Now every software you install is going to want to add a tool bar or an extension to Firefox.
I wish Firefox will just disallow such a way of installing extensions. The cardinal rule, as for as Firefox is concerned, is that the users rule. They control their browser, they decide which extensions are allowed, which scripts are allowed to run, which user agent string is sent out, whether or not to allow java, applet, or javascript or flash or silverlight or whatever. For corporate deployment, the Mozilla team might allow a script based instal on all machines in a corporate network using proper authentication procedures, like Corportate IT dept has local sysadmin privilege, so they come in and install an extension, and even disable its uninstall option, but that is all done outside the browser using the standard corporate deployment procedures. Allowing anyone to dump cruft in a particular folder and suddenly everybody gets the cruft is totally against the expectations of the standard mozilla firefox user.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Seriously -- I have FAR more of an issue with Firefox disabling a plugin *that I want there* and not providing a way to re-enable it (or at least any obvious way).
Microsoft may choose to say that Firefox integration is part of the .NET framework, and if I choose to have a problem with it, I can uninstall it. But where does the Mozilla organization get off disabling an extension I have, and may be using, without any ability to opt out?
The double standard on this would be funny if people weren't so serious about it.