Re: .net framework security updates for 1.1, 2.0 & 3.5 for XP

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Melelina wrote:

Microsoft made Fx 3.5 totally vulnerable to drive by malware with that stupid extension. I not read one thing that says otherwise. That is why Mozilla blocked it as that extension made the main reason to use Fx null and void and that was Microsoft's intention. Damage the security of Fx, which is why folks use it instead of IE, and you have crippled your competitor.

Much as I hate to spoil a good conspiracy theory, Mozilla say otherwise:

<http://shaver.off.net/diary/2009/10/18/update-net-framework-assistant-clickonce-support-unblocked/>

http://shaver.off.net/diary/2009/10/18/update-net-framework-assistant-clickonce-support-unblocked/

Harry.


I never allow ANY Microsoft crap to contaminate my Fx on any computer. I also don't allow Adobe to contaminate Fx with Flash Player or Acrobat Reader plugins. I have a far superior PDF reader and I am not stupid enough to EVER allow ANY browser to open PDF in the browser. As for Flash Player, it will never be on any of my computers. If I wanted to watch movies, I would buy myself a TV. I don't have a computer to waste time watching movies. As for QuickTime, I have not had that installed on a computer since 1999. It is utter junk.


"G. R. Woodring" <tejbbqevat@xxxxxxxxxxxxx> wrote in message news:ORmsE9CUKHA.1232@xxxxxxxxxxxxxxxxxxxxxxx
Please read this: <https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c56>

There was no attempt to ruin Firefox. MS provided a means for a competing browser to utilize .NET and WPF features. Some Firefox users resent that the plug-in was installed without asking but the installation itself is no more invasive than QuickTime or Adobe. It certainly does *NOT* rewrite any Firefox code.

A vulnerability was discovered and Microsoft and Mozilla mutually agreed that blocking the add-on was an appropriate action. The blocklist is part of Firefox 3.x and is used to block several incompatible add-ons from several vendors. A problem seems to be that the .NET patches do not change the version number and so the block must remain in effect until a distinct version reference can allow the blocklist to differentiate between the patched and un-patched files.

I have the MS .NET add-ons in Firefox 2.0.0.22, Firefox 3.5.4, and Firefox 3.7a and I have never had them cause any problems.

FWIW I had no trouble installing the patches from Windows Update.

--
G. R. Woodring

Date: 10/18/2009 8:06 AM, Author: Melelina Wrote:
"D.Abomination" <DAbomination@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:1D4AF0AF-F362-458F-8EF8-36BE003CBE14@xxxxxxxxxxxxxxxx
the new october .net framework security updates for 1.1,2.0, & 3.5 for XP are
not installing. I keep getting a "failed" message after all 3! Help!
If you use Firefox 3.5, don't touch that one for .NET 3.5. Microsoft just royally insulted all Firefox users and tried to ruin Fx. Mozilla put them in their place by sending a block signal to all computers using Fx 3.5. I hope Mozilla sues the pants off Microsoft for what they tried to do to Firefox. The update for .NET 3.5 installs a plug-in SILENTLY (yet again...Microsoft pulled this same crap earlier this year with Fx silent install that hurt Fx and got criticized for it and now they do it again and even worse this time). The plug-in is for Windows Presentation Foundation which is a part of .NET 3 and 3.5. That plug-in in Microsoft installs silently (or did until Mozilla sent a block signal Friday to all Firefox installations) makes Fx worthless as a browser because it makes it totally open to drive by malware installations. Microsoft has no business rewriting Firefox code silently without the express permission of the user (and for that matter they should also ask Mozilla for permission to rewrite code for a rival browser). Geeez.....

If you don't have reason to need .NET 2, 3 and 3.5 just get rid of them. They cause nothing but problems and practically no applications that most people use depend on any of them except maybe .NET 1.1 which is the smallest and best behaved of them.


.

Relevant Pages

  • Re: Antivirus
    ... including Firefox, the new open source browser from the Mozilla Project, ... On July 26, a separate Firefox spoofing issue was found, which allows a ...
    (alt.os.linux.suse)
  • Re: .net framework security updates for 1.1, 2.0 & 3.5 for XP
    ... I never allow ANY Microsoft crap to contaminate my Fx on any computer. ... There was no attempt to ruin Firefox. ... A vulnerability was discovered and Microsoft and Mozilla mutually agreed ... FWIW I had no trouble installing the patches from Windows Update. ...
    (microsoft.public.windowsupdate)
  • Re: [SLE] Upgraded Mozilla still renders wrong
    ... It's not a problem with the browser but the CSS ... >I have Mozilla 1.7.5 installed from a binary tarball I got directly from ... this version still renders some pages horribly. ... >>know that Mozilla and Firefox on Windows, ...
    (SuSE)
  • Re: OT: Mozilla Firefox 3 is out as of yesterday
    ... These changes have been around since "Mozilla" was king of the browsers (pre Firefox). ... It seemed that anything greater caused one of the versions of Mozilla to get lost in it self. ... This value is the amount of time the browser waits before it acts on information it recieves. ... are a lot better than myself in writing reviews, ...
    (alt.sys.pc-clone.dell)
  • Re: FC3: Firefox 1.0 No sucess installing java plugin--> Mozilla ok, not Firefox.
    ... No success installing Java and Java Plugins for Mozilla, or Firefox. ...
    (linux.redhat.install)