Microsoft Silently Installing Windows Presentation Foundation Plugin For Firefox - gHacks Tech News

Microsoft Silently Installing Windows Presentation Foundation Plugin For Firefox

If you have recently opened your Firefox web browser you may have noticed a notification from the web browser that the Windows Presentation Foundation plugin was disabled to protect the user and the web browser.

Many users who received the message were a bit puzzled as they did not install the plugin in first place. Remember the Microsoft .net Framework Assistant incident earlier this year when Microsoft installed the plugin in the Firefox web browser without notifying the user? The installation of the Windows Presentation Foundation plugin uses the same method as it.

The Windows Presentation Foundation Plugin gets installed when the Microsoft .net Framework 3.5 SP1 gets installed on a Windows operating system. Users who noticed the installation also noticed that they were not able to uninstall the plugin, only disable it in the Firefox plugin manager.

Mozilla today blacklisted the Windows Presentation Foundation Plugin. Not because of the silent install but because of a security vulnerability, or to be precise a remote code execution vulnerability. The vulnerability was reported on October 16 and measures to block the plugin were initiated today. Interested users can read up on the vulnerability at the Bug listing on the Mozilla website.

This raises several interesting questions. Could Microsoft be held accountable if computer systems are successfully attacked? Microsoft is not the only developer that isadding plugins to Firefox without asking users of the browser first if they want those plugins to be installed.

Mozilla developers should consider implementing a security control to block unwanted plugins from being installed silently in the background.

Users who have not received the message in Firefox yet should check in the plugin section if the plugin is installed and if it is enabled or disabled. It should be disabled immediately if it is not already to prevent that attacks exploit it successfully.

Update: Fast forward a couple of years. Most web browsers use click to play nowadays by default or block most plugins outright which reduces the likelihood that plugins get installed that are ready for use without the user knowing about them.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Uthman said on October 17, 2009 at 7:00 pm
      Reply

      I’ve just received this notification from Firefox and I’m going to disable this plugin.

    2. David said on October 17, 2009 at 7:01 pm
      Reply

      I’ve just received this but I have’nt installed Microsoft .net Framework 3.5 SP1 or anything from Micro$oft lately.

    3. Michael said on October 17, 2009 at 7:45 pm
      Reply

      “This raises several interesting questions. Could Microsoft be held accountable if computer systems are successfully attacked?”

      Well it allso raises the question if Mozilla could be held accountable if the automatic disableling causes applications to fail?

      -/Michael

      1. Andrew said on October 19, 2009 at 3:46 am
        Reply

        That is different. The user has chosen to use Mozilla Firefox and is therefore accepting its foibles. The Microsoft add-on has been installed without warning and is therefore liable for its own actions.

        1. Laura said on October 19, 2009 at 11:08 am
          Reply

          Interesting question though: Is the fact that 3rd party software can be installed without the users knowledge or consent written in to Mozilla’s T&Cs??

          I find this the most concerning aspect of this issue.

    4. Cheryl said on October 17, 2009 at 8:38 pm
      Reply

      Why didn’t you tell us how to disable this crap!!! So annoying when the most important info. is withheld!

      Thanks!!

      1. Martin said on October 17, 2009 at 11:26 pm
        Reply

        I’m sorry for not posting the information in first place but I was in a hurry. You can find out about the plugins by going to Tools > Addons and switching to the plugins section there.

    5. Cheryl said on October 17, 2009 at 8:39 pm
      Reply

      Where is the plugin section? Please don’t assume people know this kind of stuff.
      Thanks!

      1. bf said on October 18, 2009 at 4:48 pm
        Reply

        If you are asking this question, you probably should have stayed with IE.

      2. Chris said on October 19, 2009 at 10:02 am
        Reply

        Hi Cheryl,

        in case You’re asking such fundamental questions – ghacks maybe is the wrong website to fulfill Your needs.

        To answer Your question: If You follow the shown path (tools -> addons) You just have to open Your eyes and find the ‘plugins’-section. Everything You need is written down already, please do not assume to get it served as a comfortable breakfast in the morning bed.

        Greetings, Chris

        1. Cheryl said on October 19, 2009 at 10:29 pm
          Reply

          Perhaps you Chris and bf should learn not to respond like such jerks! Don’t assume people aren’t capable of learning! Websites are not listed on a scale of peoples learning abilities or even grade level so to make the following suggestions just shows your arrogance and how asinine you are!
          Bf suggested:
          “If you are asking this question, you probably should have stayed with IE”
          Then Chris said:
          “in case You’re asking such fundamental questions – ghacks maybe is the wrong website to fulfill Your needs.”
          Now the time you spent being jerks you could have just answered the question!

          Thanks Martin for your assistance you have class! Thanks for the info.

      3. Raven said on September 28, 2014 at 8:26 pm
        Reply

        If you don’t know how to get to the plugins area, then you also don’t know what a plugin is, and should not disable any (unless specifically told to do so). I am searching for many days trying to find out exactly what “Windows Presentation Foundation” and “Windows .NET Framework” ARE, and if they have any use for non-developers (which means people who write their own programs). WPF is not exactly malware; it is literally installed by Microsoft itself, and you should never disable anything that Microsoft puts in automatically unless you either know what it is or know how to do tests to find out. Otherwise, it is almost guaranteed that something will break, and when it does, you won’t have a clue why and in most cases tech people will not be able to help you. For example, there are things called Services that are background processes, that people who actually need their computers to work without using extra processing power and RAM will disable most of. But, as with anything Microsoft, this often breaks things, and it is often not easily clear which service broke it, because they often have nothing to do with one another (it’s just Microsoft’s shitty programming). So, if I post for help on the solution, I will get many replies that have nothing to do with services, and no one will think to check whether these services are enabled, because they (sometimes stupidly) assume that they are. But if I ask specifically, “Which Services are required in order for XXXX to work?,” some of the idiots still don’t have a clue what I’m talking about, and the others that do often still do not know the answer. In that case, then *I* still have no way of knowing whether it’s even being caused due to Services in the first place, and in order to find out, I would have to restart my computer up to 12 or so times, so usually the thing remains broken, forever, or until my laptop is stolen and/or I leave the place that this is a problem on. Therefore, DO NOT DELETE OR UNINSTALL ANYTHING BY MICROSOFT UNLESS YOU KNOW EXACTLY WHAT IT IS OR WHAT IT DOES! (Or if it’s a virus which just say it’s from Microsfot when it really isn’t.)

        The plugins are is a simple menu option, and it is indeed correct for anyone on this website to “just assume people know these things”. As mentioned, this website is for people who will already know very obvious things. If you are able to understand what’s on the website, then there is nothing wrong with you using the information posted on it, but you should not complain about how people allegedly don’t “just know” a basic menu option. As soon as you install Firefox, you will, of course, search through the menus to find all options and settings and change them to your liking, and, while doing so, you will see the plugins area. If not, “It is in the add-ons popup” should be enough to tell you. If you are such a very very basic computer user that you do not know either of these things on your own by mere virtue of using a computer, it is not the authors of articles who are to blame for that.

    6. Julio Camarena said on October 17, 2009 at 9:12 pm
      Reply

      I really hate when microsoft do this, i have never install this shit, and now i need to disable ??? WTF !!

    7. Bob said on October 17, 2009 at 9:16 pm
      Reply

      Surely it is illegal to modify a third party application without notifying the publisher and the users first.

      Yet Microsoft are quite happy to chase anybody that uses their stuff. Looks like one rule for them and another rule for other people!

    8. Sterling said on October 17, 2009 at 9:37 pm
      Reply

      So, it sounds like it has something to do with Silverlight, so they’re silently trying to push that out onto everyone’s computer? I’ve intentionally NOT installed Silverlight because I don’t want it on my computer.

    9. tunapez said on October 17, 2009 at 9:42 pm
      Reply

      This add-on had disable and uninstall dialogue two days ago(7 RC), I disabled it and was going to see what(if any) loss of functionality I was losing before I uninstalled it. First thing this morn I got the FF(3.5.2) pop-up saying restart to disable this add-on? Before and after the restart the remove dialogue was removed. Huh.

    10. Jojo said on October 17, 2009 at 10:08 pm
      Reply

      I got this message and did some research instead of just reacting automatically.

      =====================
      Updated October 16, 2009 – updated blog post to clarify that Firefox users are protected from CVE-2009-2529 if they install the MS09-054 update.
      Published Monday, October 12, 2009 7:36 AM by swiblog
      Filed under: Workarounds, Attack Vector, XBAP, MS09-054

      http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx
      =====================

      Read the full MS09-054 bulletin here:
      http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
      =====================

      So IF you install the fix referred to in bulletin MS09-054, you will be safe. The actual fix# is KB974455

      NirSoft has a program that will list Windows updates on your system:
      http://www.nirsoft.net/utils/wul.html

      Or you can use Windows Update to get a list.

      The KB974455 is available on Windows update.

      I would also recommend running a CUSTOM list on Windows Update as otherwise only critical updates get installed automatically (at least under WinXP). I found 13 other non-critical updates that I thought needed installation also!

    11. [email protected] said on October 17, 2009 at 10:27 pm
      Reply

      This is pretty serious. I wasn’t even aware that someone could install a plugin in my Firefox without my explicit permission. I think I am more angered by knowing this, and not from Microsoft installing this plugin. Microsoft is using a feature that is provided by Mozilla.

      Regarding Microsoft being held accountable for any security vulnerabilities, we know that thousands of system are subjected to virus, trojans, and malware everyday because of vulnerabilities in Windows. Shouldn’t Microsoft be held accountable for all of those too?

      1. Raven said on September 28, 2014 at 8:30 pm
        Reply

        If the method used is to simply add the DLL files while the browser is closed, then I don’t think there’s anything Mozilla can really do about it. How can MOZILLA tell WINDOWS what to do what Mozilla (or Firefox) is not even running?!

        For example, when you copy the %AppData% to the next computer you are using, it will install whatever plugins are installed on that new computer, because the DLLs are in the folder and Mozilla had nothing to do with putting them there.

        What Mozilla CAN do is make it impossible to remove the “uninstall” button.

    12. JETSOLVER said on October 18, 2009 at 1:18 am
      Reply

      Exactly when is Msoft officially evil? Thanks for the explanation.

    13. jeps said on October 18, 2009 at 4:14 am
      Reply

      How will disabling this plugin effect FireFox performance on asp.net websites? I mean does some websites entirely depend on this plugin being enabled in order to work properly?

    14. John R said on October 18, 2009 at 4:17 am
      Reply

      Firefox should never allow a plugin to be installed without explicit user permission! If a plugin is installed by another program then Firefox should prompt a dialog asking the user whether to enable/disable it. I’m so pissed off that Firefox would allow plugins to be installed without the user’s knowledge – I can see Microsoft doing this but Mozilla should know better…

    15. Ernie S. Beaudin said on October 18, 2009 at 6:00 am
      Reply

      It seems that since the plugin is blocked by Mozilla, you can no longer remove it from the Tools / Addons / Plugins window.

      I found this removal document… May help.

      http://ffextensionguru.wordpress.com/2009/02/08/how-to-remove-microsoft-net-spyware-extension/

    16. Dave said on October 18, 2009 at 6:09 am
      Reply

      Easy steps…

      Exit Firefox first, then go to this folder in Windows, and archive it all to RAR or ZIP. Then delete everything you archived.

      C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation

      You should remain with one archive, no other files or folders.

      Restart Firefox, exit and start it again (there are harder ways, but that works for most users).

      That should remove it. And you have a backup in case.

    17. Junkmen said on October 18, 2009 at 6:27 am
      Reply

      Today after receiving FF notification about that Microsoft crap-I uninstalled it on the spot.

    18. Jojo said on October 18, 2009 at 6:34 am
      Reply

      I received this message and did some research instead of just reacting automatically.

      =====================
      Updated October 16, 2009 – updated blog post to clarify that Firefox users are protected from CVE-2009-2529 if they install the MS09-054 update.
      Published Monday, October 12, 2009 7:36 AM by swiblog
      Filed under: Workarounds, Attack Vector, XBAP, MS09-054

      http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx
      =====================

      Read the full MS09-054 bulletin here:
      http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
      =====================

      So IF you install the fix referred to in bulletin MS09-054, you will be safe. The actual fix# is KB974455

      NirSoft has a program that will list Windows updates on your system:
      http://www.nirsoft.net/utils/wul.html

      Or you can use Windows Update to get a list.

      The KB974455 is available on Windows update.

      I would also recommend running a CUSTOM list on Windows Update as otherwise only critical updates get installed automatically (at least under WinXP). I found 13 other non-critical updates that I thought needed installation also!
      ———————
      Now, regardless of the above, NO ONE should be able to install add-in’s to FF UNLESS the user approves! PERIOD!!!!

    19. tunapez said on October 18, 2009 at 7:02 pm
      Reply

      I knew this was like deja vu, but couldn’t put my finger on it.
      To beat the dead horse, let me ask a question:

      Why didn’t Mozilla block this add-on back 4 1/2 months ago when it was first announced / discovered? Timing for their new a-o check feature? Perhaps it was the muse for such a feature?

      http://www.theregister.co.uk/2009/06/01/ms_firefox_extension_row/

      1. Martin said on October 18, 2009 at 7:17 pm
        Reply

        It is my understanding that Mozilla does not have anything against the plugin per se and blocked the plugin only because of the remote exploit that was discovered.

    20. crankenstein said on October 18, 2009 at 8:15 pm
      Reply

      It would make more sense NOT to be running that crappy Firefox to begin with…

    21. me187 said on October 18, 2009 at 11:49 pm
      Reply

      This just happened to me and that’s how i found this page.
      Thanks for the useful info, Thankfully good old firefox recognized the problem and told me to restart firefox so it can disable the dodgy plug in.
      What is it with sh**ty microsoft? are they doing this out of spite because firefox is used by people who realise firefox is better than IE? Either way i don’t think it’s right that they install something on my computer without permission. tut tut as if the whole net framework assistant plug in cock up wasn’t bad enough. Talk about shooting yourselves in the foot…
      I’m even less likely to switch back to Internet Explorer now than ever.

      1. Ranger said on October 31, 2009 at 4:59 pm
        Reply

        To me187:

        No, MS is doing this because they recognize people are using FF and want sites that used only work in IE to work in FF. Contrary to popular belief, MS is not entirely evil.

    22. Ray said on October 19, 2009 at 12:24 am
      Reply

      Why is Firefox silently monitoring my system?

    23. GER said on October 19, 2009 at 11:53 am
      Reply

      THANKS A BUNCH

    24. Riza said on October 19, 2009 at 2:52 pm
      Reply

      Oh damn… now wonder my presentation application not worked in Firefox. Anybody knows how to enable it? Because I want my applications to also work in other browser besides IE. Anyway, what’s wrong with running WPF. I think microsoft will use this WPF a lot in windows 7.

    25. Susan Dixon said on October 19, 2009 at 8:22 pm
      Reply

      Since Firefox blocked the windows presentation Foundation, my interface has changed. Everything is blurred and the font is dark and fuzzy….has my driver been affected…..anyone else having this problem and any suggestion on how to fix it??

      Thanks

      STD

    26. Ranger said on October 31, 2009 at 4:57 pm
      Reply

      Well then, anyone who has installed iTunes should see the Quicktime plugin added to Firefox. I wasn’t asked by Apple’s installer if I wanted that. My point is, MS is not the only one doing this. Apple has done this on the last several installs of iTunes.

    Leave a Reply