New Microsoft Vulnerability Blacklisted by Firefox

An interesting new vulnerability has popped up in Firefox browsers, leaving many users open to attack.  The vulnerability is actually a plug in for Firefox browsers designed by……(drumroll, please)….. You guessed it.. Microsoft

The vulnerability can be exploited when users visit malicious Web pages that contain specially crafted XAML-Coded content.

On Tuesday, Microsoft sent out an Internet Explorer patch to fix the vulnerability, by way of Windows Automatic updates. Although the IE patch is said to fix the problem with both Firefox and Internet Explorer browsers, many Firefox users are still reporting unresolved issues.

In order to protect people who are not yet patched, Firefox has added Microsoft’s plugin to its add-on blocklist, causing it to be automatically disabled by the browser, until a Universal fix can resolve the vulnerabilities of the plugin.

Mike Shaver, Firefox’s vice president of engineering, described the security problem in a blog entry posted Friday in the official Firefox security blog.

“Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the  plugin for all users via our blocklisting mechanism,” he wrote. “Microsoft agreed with the plan, and we put the blocklist entry live immediately.”

Plugin security vulnerabilities are a major problem for corporations, small businesses, and family users, due to their nature. These bugs are especially tempting to hackers because they often are a great way to affect multiple browsers and provide a larger audience of potential victims.

Our clients who are enjoying ongoing maintenance services are up to date,  and as always clients on the Managed Protection plans were protected considerably before the vulnerability was ever publicly disclosed.