RE: Microsoft may be Firefox's worst vulnerability
A recent article at Slashdot that has now been propagated to TechRepublic, claims that Firefox's biggest vulernability this year is Microsoft. For those who have not heard, as part of the .NET Framework v3.5 SP1, Microsoft added an extension to Firefox to support Click-Once application deployment. The claim by Slashdot is that this is Internet Explorer's biggest vulernability and that Microsoft has forced it onto Firefox users.
Having done extensive development in the area, Click-Once deployment does not give the “ability for websites to easily and quietly install software on your PC”. Click-Once must always be initiated by the user, always displays a dialog, and always requires the user to agree to install the software. Microsoft didn’t do anything that Firefox doesn’t allow or encourage. Click-Once is actually very similar to Firefox’s own method for downloading and installing Extensions.
The interesting thing is that the article claims this is a huge security vulnerability, and yet there haven’t been any exploits of it? The .NET Framework v3.5 SP1 has been out for 10 months now. Firefox has released several revisions since then. They have done nothing to counter Microsoft’s extension. Obviously, the developers of the software, as well as management, don’t see a security vulnerability.
Slashdot isn’t really a reliable source for Microsoft-related news items (i.e. they show Bill Gates as a Borg). The article even states that people shouldn’t use Firefox and “just get rid of MS Windows entirely”. Seriously? The lack of credibility is ASTOUNDING.
The TechRepublic article is my dumbest article of the day.
← Mosso's URL Rewriting Rules Are Wrong! Use Late-Binding in C# Now, without .NET 4.0 →