This morning, I was prompted by Firefox that it had disabled the .NET Framework Assistant and the Windows Presentation Foundation addons. The popup concluded with the message that these addons have been known to cause stability or security issues with Firefox.
This is very interesting with vendors taking a proactive approach with kill switch functionality with known security vulnerabilities. To Microsoft’s credit, they are letting Mozilla block the addon until users go and patch. According to http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx Firefox users are “safe” from beeing exploited via the security issue, after having KB974455 (the Cumulative Security Update for Internet Explorer) installed.
Here is Mozilla security blog entry announcing this block, which Mozilla is implementing using its blocking mechanism.
If you are one of those people who wish to get their hands dirty, you can nuke it with regedit.
- For x86 machines, Go to the folder HKEY_LOCAL_MACHINE > SOFTWARE > Mozilla > Firefox > Extensions
- For x64 machines, Go to the folder HKEY_LOCAL_MACHINE > SOFTWARE > Wow6432Node > Mozilla > Firefox > Extensions
- Delete key name ‘{20a82645-c095-46ed-80e3-08825760534b}’
The plugin is hiding in C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (and C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll if you have the .NET 4.0 beta).
- Remove HKEY_LOCAL_MACHINE>SOFTWARE>MozillaPlugins>@microsoft.com>WPF,version=3.5
- And HKEY_LOCAL_MACHINE>SOFTWARE>MozillaPlugins>@microsoft.com>WPF, version=4.0 if you have the 4.0 beta
That’s because Mozilla knows all Windows software causes security issues.
Hello from Russia!
Can I quote a post in your blog with the link to you?
Definitely.