Firefox Now Auto-Blocks Microsoft .NET Extensions [Security]

Source: http://feeds.gawker.com/~r/lifehacker/full/~3/O3z7LdiXQ3Q/firefox-now-auto+blocks-microsoft-net-extensions

Firefox users on Windows probably have the .NET Framework Assistant extension installed, even if they didn't try to install it. Now Mozilla is was blocking it for security reasons, but has let it back in (Update below).

Microsoft discovered a vulnerability in Internet Explorer and .NET-connected browsers that allowed a site with malicious code to, well, "own" your browser and install some other terrible stuff.

Microsoft issued a high-priority security patch for Windows systems and through Internet Explorer's update mechanism, but for Firefox users who haven't applied the patch, Mozilla has added the Microsoft .Net Framework Assistant and Windows Presentation Foundation extensions to its blocklist, noting that users should see the extensions disabled upon their next log-in.

Update: Mozilla security chief Mike Shaver writes in a blog post that Mozilla has removed .NET Framework Assistant from its blocklist, as the extension was determined not to be a vulnerability to the "browse once and own" code exploit. Shaver writes that a more thorough explanation, and tips on how to prevent and customize auto-blocking, will follow.

If you still see those extensions enabled on your Windows system, Mozilla's security chief has written about the special means of removing them, as they often can't be disabled by default. Better still, if you see extensions in your Firefox Add-Ons menu that you can't quite remember installing, or question what purpose they serve, take this as a lesson in why uninstalling them might be a good idea.

.NET Framework Assistant Blocked to Disarm Security Vulnerability [Mozilla Security Blog via Yahoo News]