but the critical update release last tuesday (KB974417) will fix the problem? i don't have .net FW 3.5 installed and auto update is off, so i'm safe? don't see any MS WPF in my plug-ins list. guess the cyberwar already started and i'm just collateral damage. if you're not with me, then you're against me!
On a side note, if you think this plug-in poses a danger, think again! Javascript poses a greater danger than this yet all browsers come with JS enabled by default. Clearly, this article or Kevin is being biased.
I can at anytime write a JS code that makes you download malicious software unintentionally when you visit my site. The same goes for this plug-in. SO what's the big deal here? Just don't visit untrusted/untested sites!
Yes yes, F microsoft for doing this. True. However it's open that anyone can just drop a file into Firefox and call it a plugin. I'm not saying I blame Mozilla Firefox, but this is a perfect example of why Firefox should take more control over what is allowed to be added and there should ALWAYS be a way to Disable or Uninstall.
If you go get an addon from Firefox's repository, you get a dialog confirming you want to install it. The same should be true for something that tries to be added outside of that process. If I download Uncle Johns Widget plugin and don't have Firefox running, but it tries to alter Firefox to slip itself in... next time I start Firefox I should be asked if I want to allow it. And if I say yes, there must always be a Disable and Uninstall options. Always.