Chat Now

Cart My Downloads Free Trial

Products

Products

MULTI-PLATFORM PACKAGES
Universal SubscriptionOur Best Value – includes over 600 UI Controls, our award-winning reporting platform, DevExpress Dashboard, the eXpressApp Framework, CodeRush for Visual Studio and more.DXperience SubscriptionSave Hundreds – includes DevExpress UI Controls for WinForms, ASP.NET, MVC, WPF, our award-winning reporting platform and CodeRush for Visual Studio.

WINDOWS DESKTOP CONTROLS
WinForms WPF VCL Desktop Reporting

ENTERPRISE & SERVER TOOLS
Business Intelligence Dashboard Report & Dashboard Server Office File API (XLS, DOC, PDF)

MOBILE CONTROLS
.NET MAUI

Artificial Intelligence
AI-powered Extensions

WEB CONTROLS
JS / TS – Angular, React, Vue, jQuery Blazor ASP.NET Core ASP.NET Web Forms ASP.NET MVC Bootstrap Web Forms Web Reporting

FRAMEWORKS & PRODUCTIVITY
XAF - Cross-Platform .NET App UI XPO – ORM Library (FREE).NET App Security & Web API Service (FREE)CodeRush for Visual Studio (FREE)

TESTING & QA
TestCafe Studio

What's New .NET 9 Support
Demos
Buy
Support & Docs

Support & Docs

SUPPORT CENTER
Search the KB My Questions Localization Version History Security - What You Need to Know Accessibility and Section 508 Support What's New in the Latest Version

LEARNING MATERIALS
Documentation Code Examples Demos Training

Need help or require more information?
Submit your support inquiries via the DevExpress Support Center for assistance.
Blogs
About Us

About Us

CONNECT WITH DEVEXPRESS
Blogs Events, Meetups and Tradeshows

LEARN MORE ABOUT DEVEXPRESS
About Us News User Comments and Case Studies Our Awards MVP Program

Announcing DevExpress Universal v24.2
Developer Express Inc is proud to announce the immediate availability of its newest release, DevExpress v24.2. Built and optimized for desktop, web, and mobile developers alike...

DevExpress Wins 19 Visual Studio Reader's Choice Awards
Like previous years, DevExpress dominated Visual Studio Magazine's 2023 Readers Choice Awards. We thank all our loyal users for casting their vote on behalf of DevExpress.

Drive-by vulnerability for Firefox users with the .NET Framework Assistant

ctodx

16 October 2009

Great. Way back in August 2008, I mentioned that the .NET Framework 3.5 SP1 would install a plug-in into Firefox called the .NET Framework Assistant.

Well it turns out it has a security vulnerability in a "drive-by and you're infected" scenario. The vulnerability uses a modified XBAP (XAML Browser Application) as the attack vector. It seems that Microsoft fixed IE during their Patch Tuesday this week, but apparently the problem is also present in the .NET Framework Assistant, which they didn't patch. ZDNet's story about it is here.

So, Firefox fans: disable the .NET Framework Assistant now (Tools | Add-ons | Extensions | Microsoft .NET Framework Assistant | Disable). I've just done it for both my machines.

Free DevExpress Products - Get Your Copy Today

The following free DevExpress product offers remain available. Should you have any questions about the free offers below, please submit a ticket via the DevExpress Support Center at your convenience. We'll be happy to follow-up.

Julian Bucknall (DevExpress)

Julian Bucknall (DevExpress)

security