Microsoft Silent Update Creates a Security Hole in Firefox

Microsoft recent security updates has been a source of a problem for Firefox users. A security hole has been found in the plugin that Microsoft had silently been installing into Firefox.

In the recent security updates by Microsoft along with .Net Framework 3.5 SP1, Microsoft had silently been installing Windows Presentation Foundation Plugin that allows the embedding of XAML applications in webpages, called XBAP.

The real issue that needs to be addressed is that the plugin is installed without users authentication and is a drive by. All it needs is, a visit to a rigged site to get compromised.

Microsoft had been consistently on the wrong end of the foot, having got caught earlier this year for silently installing “.Net Framework Assistant” which dismantled a lot of other plugins. And the worst thing about that was it didn’t have any uninstall or disable option but after a media ride they patched it to enable uninstall option. That update in question again broke number of other Firefox extensions.

While the latest update is expected to resolve this issue, it is recommended that you remove the plugin from your computer. Go to Firefox Addons Manager and uninstall this plugin to be on the safe until it is patched by Microsoft.