Chat Now

Cart My Downloads Free Trial

Products

Products

MULTI-PLATFORM PACKAGES
Universal SubscriptionOur Best Value – includes over 600 UI Controls, our award-winning reporting platform, DevExpress Dashboard, the eXpressApp Framework, CodeRush for Visual Studio and more.DXperience SubscriptionSave Hundreds – includes DevExpress UI Controls for WinForms, ASP.NET, MVC, WPF, our award-winning reporting platform and CodeRush for Visual Studio.

WINDOWS DESKTOP CONTROLS
WinForms WPF VCL WinUI (FREE)Desktop Reporting

ENTERPRISE & SERVER TOOLS
Business Intelligence Dashboard Report & Dashboard Server Office File API (XLS, DOC, PDF)

XAMARIN & MAUI
Xamarin UI Controls (FREE).NET MAUI (FREE)

WEB CONTROLS
JavaScript – jQuery, Angular, React, Vue Blazor ASP.NET Web Forms ASP.NET MVC ASP.NET Core Bootstrap Web Forms Web Reporting

FRAMEWORKS & PRODUCTIVITY
XAF - Cross-Platform .NET App UI XPO – ORM Library (FREE).NET App Security & Web API Service (FREE)CodeRush for Visual Studio (FREE)

TESTING & QA
TestCafe Studio

What's New .NET 7 Support
Demos
Buy
Support & Docs

Support & Docs

SUPPORT CENTER
Search the KB My Questions Localization Version History

LEARNING MATERIALS
Documentation Code Examples Demos Training

Need help or require more information?
Submit your support inquiries via the DevExpress Support Center for assistance.
Blogs
About Us

About Us

CONNECT WITH DEVEXPRESS
Blogs Events, Meetups and Tradeshows

LEARN MORE ABOUT DEVEXPRESS
About Us News User Comments and Case Studies Our Awards MVP Program

Announcing DevExpress Universal v23.1
Developer Express Inc is proud to announce the immediate availability of its newest release, DevExpress v23.1. Built and optimized for desktop, web, and mobile developers alike...

DevExpress Wins 19 Visual Studio Reader's Choice Awards
Like previous years, DevExpress dominated Visual Studio Magazine's 2023 Readers Choice Awards. We thank all our loyal users for casting their vote on behalf of DevExpress.

Drive-by vulnerability for Firefox users with the .NET Framework Assistant

ctodx

16 October 2009

Great. Way back in August 2008, I mentioned that the .NET Framework 3.5 SP1 would install a plug-in into Firefox called the .NET Framework Assistant.

Well it turns out it has a security vulnerability in a "drive-by and you're infected" scenario. The vulnerability uses a modified XBAP (XAML Browser Application) as the attack vector. It seems that Microsoft fixed IE during their Patch Tuesday this week, but apparently the problem is also present in the .NET Framework Assistant, which they didn't patch. ZDNet's story about it is here.

So, Firefox fans: disable the .NET Framework Assistant now (Tools | Add-ons | Extensions | Microsoft .NET Framework Assistant | Disable). I've just done it for both my machines.

Free DevExpress Products – Get Your Copy Today

The following free DevExpress product offers remain available. Should you have any questions about the free offers below, please submit a ticket via the DevExpress Support Center at your convenience. We’ll be happy to follow-up.

Julian Bucknall (DevExpress)

Julian Bucknall (DevExpress)

Email: julianb@devexpress.com

Tags

No Comments

Please login or register to post comments.

Recent Posts

DevExpress VCL Subscription v21.2 released

Dec 15, 2021 by Julian Bucknall (DevExpress)

VCL Charts - Early Access Preview (v21.2)

Dec 14, 2021 by The DevExpress Team

DevExpress Universal v21.2 released

Nov 4, 2021 by Julian Bucknall (DevExpress)

WinForms: .NET 5 Design Time Enhancements

Jul 1, 2021 by Julian Bucknall (DevExpress)

DevExtreme and related products: End of support for Internet Explorer 11

Jun 10, 2021 by Julian Bucknall (DevExpress)