Drive-by vulnerability for Firefox users with the .NET Framework Assistant

16 October 2009

Great. Way back in August 2008, I mentioned that the .NET Framework 3.5 SP1 would install a plug-in into Firefox called the .NET Framework Assistant.

Well it turns out it has a security vulnerability in a "drive-by and you're infected" scenario. The vulnerability uses a modified XBAP (XAML Browser Application) as the attack vector. It seems that Microsoft fixed IE during their Patch Tuesday this week, but apparently the problem is also present in the .NET Framework Assistant, which they didn't patch. ZDNet's story about it is here.

So, Firefox fans: disable the .NET Framework Assistant now (Tools | Add-ons | Extensions | Microsoft .NET Framework Assistant | Disable). I've just done it for both my machines.

PDC 2009 sponsor logo

Free DevExpress Products - Get Your Copy Today

The following free DevExpress product offers remain available. Should you have any questions about the free offers below, please submit a ticket via the DevExpress Support Center at your convenience. We'll be happy to follow-up.
No Comments

Please login or register to post comments.