<div style="margin: 12px 0px; font-family: arial; color: #333333; background: #ffffff; border: solid 4px #e5e5e5; width: 100%; clear: left;"><div class="CM_CTB_Content_Wrap" style="margin: 0px; padding: 0px;background-color: #ffffff;"><div style="border-bottom: solid 1px #dcdcdc; white-space: nowrap; margin-bottom: 8px; background-color: #eeeeee ;background-image: url(http://clipmarks.com/images/source-bg.gif); background-repeat: repeat-x; height: 24px; line-height: 24px; vertical-align: middle; padding-bottom: 4px; color: #666666; font-size: 10px;" ><a href="http://clipmarks.com/clip-to-blog/" title="see clips that are hot right now"><img src="http://content.clipmarks.com/blog_embed/8a89ba67-751e-447a-bf80-0ca404ba0ded/B71201CF-7619-4E5E-B391-96D29F631E1D/" alt="" width="19" height="19" border="0" style="vertical-align: middle; margin: 0px 4px; display: inline; border: none; float:none;" /></a>clipped from <a title="http://blogs.zdnet.com/security/?p=4585" href="http://blogs.zdnet.com/security/?p=4585" style="font-size: 11px;">blogs.zdnet.com</a></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585"><P><A href="http://blogs.zdnet.com/security/?p=4614"><IMG width="72" height="70" alt="" src="http://i.zdnet.com/blogs/firefox_.jpg" title="firefox_" class="size-full wp-image-3744 alignright" /></A>Remember that Microsoft .NET Framework Assistant add-on that <A href="http://threatpost.com/blogs/microsoft-sneaks-firefox-add-without-user-knowledge">Microsoft sneaked into Firefox</A> without explicit permission from end users?</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585"><P>Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.<SPAN id="more-4614"></SPAN></P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585"><P>[ SEE: <A href="http://blogs.zdnet.com/security/?p=4585" rel="bookmark" title="Permanent Link to Patch Tuesday: MS plugs critical IE, Windows Media Player holes">Patch Tuesday: MS plugs critical IE, Windows Media Player holes</A> ]<A href="http://blogs.zdnet.com/security/?p=4585" rel="bookmark" title="Permanent Link to Patch Tuesday: MS plugs critical IE, Windows Media Player holes"> </A> <A href="http://www.twitter.com/ryanaraine"><IMG width="176" height="92" alt="" src="http://i.zdnet.com/blogs/follow_me_on_twitter.png" title="follow_me_on_twitter" class="alignleft size-full wp-image-3257" /></A></P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585"><P>The flaw was addressed in the <A href="http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx">MS09-054</A> bulletin that covered “critical” holes in Microsoft’s Internet Explorer but, as Redmond’s Security Research & Defense team <A href="http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx">explains</A>, the drive-by download risk extends beyond Microsoft’s browser.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585"><P>While the vulnerability is in an IE component, there is an attack vector for Firefox users as well. The reason is that .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=4585"><P>Now, Microsoft’s security folks are actually recommending that Firefox users uninstall the buggy add-on:</P></blockquote></div><div style="margin: 0px 6px 6px 4px;"><table style="font-size: 11px;border-spacing: 0px;padding: 0px;" cellpadding="0" cellspacing="0" width="100%"><tr><td style="background:transparent;border-width:0px;padding:0px;">&nbsp;</td><td align="right" style="background:transparent;border-width:0px;padding:0px;width:107px" width="107"><a href="http://clipmarks.com/share/B71201CF-7619-4E5E-B391-96D29F631E1D/blog/" title="blog or email this clip"><img src="http://content9.clipmarks.com/images/c2b-foot.png" border="0" alt="blog it" width="107" height="17" style="border-width:0px;padding:0px;margin:0px;" /></a></td></tr></table></div></div>

New from the makers of Clipmarks:  Amplify.com - Don't just share the news...Amplify it!