Warning -- Firefox users please read!

[Ballistyx]

3. Delete the value named {20a82645-c095-46ed-80e3-08825760534b} from the right pane.

I done this on build 7201 and now im doing it on build 7100.. and there is no value name like that

Anyone got any ideas?

I still delete the files from the computer but the Reg file is not there at all to start with..

 

[Jacee]

Yes, it was there on my build Win7 RC 7100. I was able to take ownership and delete the folder. Instructions were clear and concise.

I did a clean "Beta Win7" install when I had Vista Ultimate on this machine, then I did another clean install with Win7 RC 7100. I don't know if any of this matters . I haven't installed any other versions of Win7.

I installed Firefox App Version: 3.0.10 on 2009-05-06 ... so that's basicly what I've done.

I'm working with IE 8 to try and help those who use IE, tho'

 

[Ballistyx]

Yes, it was there on my build Win7 RC 7100. I was able to take ownership and delete the folder. Instructions were clear and concise.

hmm i wonder where mine has run off too then :huh:

 

[dmex]

Im tempted to delete this thread permanently

Before anyone starts removing the plugin , they should try using a ClickOnce application to see just how Hyped this report has been...

I deploy applications via ClickOnce and there is no issue here with the way its been designed or deployed by Microsoft, they have worked on ClickOnce for the last 10 years and it has had zero security vulnerability's in its entire history, basically because the Source-Code for the .net Framework is viewable on every system using a program called Reflector (.NET Reflector, class browser, analyzer and decompiler for .NET).

Reflector is able to show you the Source Code to any .net framework based executable or dll file including the source to Microsoft's own .net Framework files, bugs and issues are found very early and if someone tried releasing a virus using ClickOnce, anyone can see the source code to their application.

Heres a screenshot of the System.Net.Security.dll found in the C:\Windows\Microsoft.NET\framework\ folder:

Heres a screenshot of an application Im developing for Sevenforums:

You can test your Firefox ClickOnce support Here: (by James Dobson)
ClickOnceTester

Testing Manual here: (by James Dobson)
FFClickOnce Testing Manual

By design, You see this security warning when applications are deployed via ClickOnce and also when the .net framework runs the application with low-rights, in that mode applications can not prompt for Elevation, can not access your entire system or make dangerous system changes.

ClickOnce applications have to request security permissions to do anything particularly nasty to your system. Yet this is not foolproof. A poor security configuration on your machine or a bug in the .NET Framework (none in the last 9 years) that could allow an application to do more than it should.

ClickOnce is blocked from being able to access system components, unless you have changed file ownership and reset file permissions to system files, then even restricted applications like ClickOnce will have full access to your system.

Seriously, ClickOnce is not a security issue unless you have changed the default security of system files :sarc:

 

[Ballistyx]

Im tempted to delete this thread permanently

Not to be rude but i dont know about other people but i seen your post and thought it was up to us if we want to remove the folders or not?

Sorry if you think im bring rude

 

[Faruk]

To dmex:

So in other words; there are no security flaws within the plugin? :shock:

 

[Mark]

Yes that's what he was saying and I agree, there is no need to delete something just because Scaremonger made a thread about it, I hope no one makes a thread telling you to jump off a cliff :sarc:.

Close the thread Dmex.

 

[Generator]

I know I'm leaving it on my system, It's only a risk if you have messed with it default settings.. like most internet security settings, turn them off or down too much and things happen without telling or asking you.

I'm leaving it on because I develop for the web too and it's already had updates etc.

 

[dmex]

Not to be rude but i dont know about other people but i seen your post and thought it was up to us if we want to remove the folders or not?

Sorry if you think im bring rude

If you change or remove a single thing in \Microsoft.NET\Framework\ other than the DotNetAssistantExtension folder as others here have done, you will create an unknown amount of security vulnerability's and invalidate the Code Access Security used by .NET!

Clickonce deployment is restricted with low access rights, If UAC is disabled then it runs with that user's highest available access otherwise it runs with very resticted permissions and can not access your system.

To dmex:

So in other words; there are no security flaws within the plugin? :shock:

None what so ever in its entire History.

The applications you download and use right now are Granted Full Trust, ClickOnce grants a very Limited set of permissions.

ClickOnce Can Not:
Install/Modify System Files
Install Drivers
Install Global Assembly Cache extensions
Install for Multiple Users
StartUp Automatically
Register/Modify FileTypes
Access/Modify the Registry
Patch/Modify any System Files, other Application Files or your Files
Install itself anywhere other than the ClickOnce application cache



You can also view the source-code for any ClickOnce deployed application using Reflector.

It's only a risk if you have messed with it default settings!!!

 

[holo88]

so, s%#t. how do i reinstall it
i dont even know where it came from, to be honest...

 

[Generator]

Its part of build 7201 in 'programs & features'/'add & remove' then 'Turn Windows features on or off' and then 'Microsoft .NET Framework 3.5.1'...

 

[dmex]

so, s%#t. how do i reinstall it
i dont even know where it came from, to be honest...

If you changed/deleted anything other than the DotNetAssistantExtension folder then you should then be worried, if you didn't change anything else other than that folder then its completely safe

 

[dmex]

Thread Closed.