499521 - .Net Extension cannot be uninstalled

Status: RESOLVED DUPLICATE of bug 476430

(Toolkit :: Add-ons Manager, defect)

Description

[David E. Ross]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090403 SeaMonkey/1.1.16
Build Identifier: 

Per the article at the cited URI (and the link therein to <http://annoyances.org/exec/show/article08-600>), Microsoft's .NET Framework 3.5 Service Pack 1 includes a Firefox extension that gets installed in the Firefox root.  Once installed, this extension disables the Uninstall button.  The extension reportedly enables other Web sites "to easily and quietly install software on your PC", thereby creating a severe vulnerability in Firefox.  

No extension should have the ability to disable its own removal.  The Addons Manager should not allow this to happen, even if the addon is installed in the root instead of in a profile.  

Reproducible: Always




I have not confirmed the reports in th cited URI or the annoyances.org URI.  I am merely reporting a potential problem that, if true, represents a serious software vulnerability.  

Note:  I avoid the problem by (1) selectively (not automatically) downloading and installing Windows updates and (2) never downloading or installing .NET Framework updates.  This means, I plan to remain at Windows XP SP2 and not upgrade to Windows XP SP3, which might include the .NET Framework malware.

Comment 1

[Robert Strong (they/them - no direct email)]

Not malware and it doesn't disable uninstall. The add-ons mgr doesn't provide uninstall for extensions installed via the registry.