Mozilla disables vulnerable Microsoft plugin for Firefox
Mozilla has blocked Microsoft’s WPF plugin for Firefox in response to a serious security vulnerability found in the component.
Mozilla has temporarily disabled Microsoft’s WPF plugin for Firefox in order to protect users from a security vulnerability that was recently uncovered in the component. The vulnerability can be exploited when users visit malicious Web pages that contain specially crafted XAML content.
Microsoft issued an Internet Explorer patch to fix the vulnerability through its Windows Update mechanism on Tuesday. The IE patch is said to fully resolve the vulnerability for Firefox users in addition to users of Microsoft’s own browser. Mozilla is concerned, however, that not all users have performed the Windows update yet. In order to protect users who are not yet patched, Mozilla has added Microsoft’s plugin to its add-on blocklist, causing it to be automatically disabled by the browser.
Read more: arstechnica.com