
SANS ISC InfoSec Handlers Diary Blog



Disable MS09-054 patch, or Firefox Plugin?

Published: 2009-10-16
Last Updated: 2011-01-25 00:00:49 UTC
by Adrien de Beaupre (Version: 1)

The .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox. That in and of itself may be cause for concern. But wait, there is more. MS09-054 was issued to address an IE vulnerability (CVE-2009-2529). As it turns out, the vulnerability could also be exploited via Firefox: if you could launch XBAP using a browser, the vulnerability could be exploited. Users of either browser are advised to disable XBAP. So essentially a security fix introduced additional issues? The irony is, well...

More information from Microsoft is available here.

So, if you use Windows, install patches, and also have Firefox, oddly enough you will want to read the following Microsoft KB article entitled "How to remove the .NET Framework Assistant for Firefox".

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
