Comments on: Firefox team unnecessarily blocks add-ons, breaks ClickOnce http://www.twistontech.com/mytwist/firefox-team-unnecessarily-blocks-add-ons-breaks-clickonce/ Life Seen Through Geek Goggles - Technology Blog Sun, 18 Oct 2009 13:27:37 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: George Roberts http://www.twistontech.com/mytwist/firefox-team-unnecessarily-blocks-add-ons-breaks-clickonce/comment-page-1/#comment-218 George Roberts Sun, 18 Oct 2009 13:27:37 +0000 http://www.twistontech.com/?p=73#comment-218 Christopher - I keep seeing that comment from people at Mozilla that Microsoft was on board with this, however, we haven't heard anything like that from Microsoft and there's been no mention of exactly who it was at Microsoft that supposedly okayed this. And to be honest, even if someone from MS did sign off on it, it was still a stupid thing for Mozilla to do. As many of the comments on the bug report and on the blog post that Bob linked in the comments here show, this is going to have a huge impact on a lot of people, especially businesses that use ClickOnce for distribution of apps. Remember all that work you guys have done to try to get Firefox into the enterprise? Well, this decision just caused you to take a step back on that. Carl, there are a lot of plugins that get installed into Firefox when you install other programs. Have you looked at the list on your Firefox lately? I have 15 installed on my system and I only purposefully installed a couple of them. That has absolutely nothing to do with the issues at hand, to be honest. Nico, yes, IE was affected, but as I stated in the article, the issue was patched on 14 Oct 2009. Christopher – I keep seeing that comment from people at Mozilla that Microsoft was on board with this, however, we haven’t heard anything like that from Microsoft and there’s been no mention of exactly who it was at Microsoft that supposedly okayed this. And to be honest, even if someone from MS did sign off on it, it was still a stupid thing for Mozilla to do. As many of the comments on the bug report and on the blog post that Bob linked in the comments here show, this is going to have a huge impact on a lot of people, especially businesses that use ClickOnce for distribution of apps. Remember all that work you guys have done to try to get Firefox into the enterprise? Well, this decision just caused you to take a step back on that.

Carl, there are a lot of plugins that get installed into Firefox when you install other programs. Have you looked at the list on your Firefox lately? I have 15 installed on my system and I only purposefully installed a couple of them. That has absolutely nothing to do with the issues at hand, to be honest.

Nico, yes, IE was affected, but as I stated in the article, the issue was patched on 14 Oct 2009.

]]> By: Nico Sap http://www.twistontech.com/mytwist/firefox-team-unnecessarily-blocks-add-ons-breaks-clickonce/comment-page-1/#comment-217 Nico Sap Sun, 18 Oct 2009 10:26:54 +0000 http://www.twistontech.com/?p=73#comment-217 I agree with Christopher Blizzard completely. But, as the problem resides in the .net framework, is internet explorer also affected? I agree with Christopher Blizzard completely.

But, as the problem resides in the .net framework, is internet explorer also affected?

]]> By: Carl http://www.twistontech.com/mytwist/firefox-team-unnecessarily-blocks-add-ons-breaks-clickonce/comment-page-1/#comment-216 Carl Sun, 18 Oct 2009 08:23:18 +0000 http://www.twistontech.com/?p=73#comment-216 Those plugins should not be there to begin with, they came with windows update. It was not easy to know that they where installed and they are very hard to disable/remove. If they where easy to disable I think alot of users would have done so alredy. Those plugins should not be there to begin with, they came with windows update. It was not easy to know that they where installed and they are very hard to disable/remove. If they where easy to disable I think alot of users would have done so alredy.

]]> By: pchelptech http://www.twistontech.com/mytwist/firefox-team-unnecessarily-blocks-add-ons-breaks-clickonce/comment-page-1/#comment-215 pchelptech Sun, 18 Oct 2009 00:11:36 +0000 http://www.twistontech.com/?p=73#comment-215 "The funny thing is, the current versions of the add-ons are not vulnerable" While this may be true in many, or even most cases, the fact remains that Firefox can't yet hook in to the OS to get the list of patches installed, to verify that the user is safe. Microsoft seem to have agreed that, in this case, Mozilla should go ahead and add it to the block list. It also seems that in FF 3.5.4, the feature to check the list of installed MS patches will be good to go, so this kind of thing shouldn't happen in the future. “The funny thing is, the current versions of the add-ons are not vulnerable”
While this may be true in many, or even most cases, the fact remains that Firefox can’t yet hook in to the OS to get the list of patches installed, to verify that the user is safe.
Microsoft seem to have agreed that, in this case, Mozilla should go ahead and add it to the block list.
It also seems that in FF 3.5.4, the feature to check the list of installed MS patches will be good to go, so this kind of thing shouldn’t happen in the future.

]]> By: Bob http://www.twistontech.com/mytwist/firefox-team-unnecessarily-blocks-add-ons-breaks-clickonce/comment-page-1/#comment-214 Bob Sat, 17 Oct 2009 23:03:00 +0000 http://www.twistontech.com/?p=73#comment-214 The official Mozilla announcement is here: http://blog.mozilla.com/security/2009/10/16/net-framework-assistant-blocked-to-disarm-security-vulnerability/ The post in the bug from him is here: https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c56 The official Mozilla announcement is here:
http://blog.mozilla.com/security/2009/10/16/net-framework-assistant-blocked-to-disarm-security-vulnerability/

The post in the bug from him is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c56

]]> By: Twitted by davux http://www.twistontech.com/mytwist/firefox-team-unnecessarily-blocks-add-ons-breaks-clickonce/comment-page-1/#comment-213 Twitted by davux Sat, 17 Oct 2009 22:59:06 +0000 http://www.twistontech.com/?p=73#comment-213 [...] This post was Twitted by davux [...] [...] This post was Twitted by davux [...]

]]> By: Christopher Blizzard http://www.twistontech.com/mytwist/firefox-team-unnecessarily-blocks-add-ons-breaks-clickonce/comment-page-1/#comment-212 Christopher Blizzard Sat, 17 Oct 2009 21:50:14 +0000 http://www.twistontech.com/?p=73#comment-212 George - Just to be 100% clear on this we didn't blocklist this plugin because we think it's "controversial" as you put it. We put it out because there are drive-by vulnerabilities in the wild that are affecting people. We also worked in concert with Microsoft before doing this - they were aware of it and agreed that we should do it. George -

Just to be 100% clear on this we didn’t blocklist this plugin because we think it’s “controversial” as you put it. We put it out because there are drive-by vulnerabilities in the wild that are affecting people. We also worked in concert with Microsoft before doing this – they were aware of it and agreed that we should do it.

]]> By: Tweets that mention Twist: on Tech » Firefox team unnecessarily blocks add-ons, breaks ClickOnce -- Topsy.com http://www.twistontech.com/mytwist/firefox-team-unnecessarily-blocks-add-ons-breaks-clickonce/comment-page-1/#comment-211 Tweets that mention Twist: on Tech » Firefox team unnecessarily blocks add-ons, breaks ClickOnce -- Topsy.com Sat, 17 Oct 2009 21:09:21 +0000 http://www.twistontech.com/?p=73#comment-211 [...] This post was mentioned on Twitter by George Roberts and George Roberts, George Roberts. George Roberts said: Firefox team unnecessarily blocks add-ons, breaks ClickOnce http://ff.im/-a1yDN [...] [...] This post was mentioned on Twitter by George Roberts and George Roberts, George Roberts. George Roberts said: Firefox team unnecessarily blocks add-ons, breaks ClickOnce http://ff.im/-a1yDN [...]

]]>