.net framework security updates for 1.1, 2.0 & 3.5 for XP

"D.Abomination" <DAbomination@discussions.microsoft.com> wrote in message
news:1D4AF0AF-F362-458F-8EF8-36BE003CBE14@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> the new october .net framework security updates for 1.1,2.0, & 3.5 for XP
> are
> not installing. I keep getting a "failed" message after all 3! Help!<!--colorc--><!--/colorc-->

If you use Firefox 3.5, don't touch that one for .NET 3.5. Microsoft just
royally insulted all Firefox users and tried to ruin Fx. Mozilla put them in
their place by sending a block signal to all computers using Fx 3.5. I hope
Mozilla sues the pants off Microsoft for what they tried to do to Firefox.
The update for .NET 3.5 installs a plug-in SILENTLY (yet again...Microsoft
pulled this same crap earlier this year with Fx silent install that hurt Fx
and got criticized for it and now they do it again and even worse this
time). The plug-in is for Windows Presentation Foundation which is a part of
..NET 3 and 3.5. That plug-in in Microsoft installs silently (or did until
Mozilla sent a block signal Friday to all Firefox installations) makes Fx
worthless as a browser because it makes it totally open to drive by malware
installations. Microsoft has no business rewriting Firefox code silently
without the express permission of the user (and for that matter they should
also ask Mozilla for permission to rewrite code for a rival browser).
Geeez.....

If you don't have reason to need .NET 2, 3 and 3.5 just get rid of them.
They cause nothing but problems and practically no applications that most
people use depend on any of them except maybe .NET 1.1 which is the smallest
and best behaved of them.

 

Please read this: <https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c56>

There was no attempt to ruin Firefox. MS provided a means for a competing
browser to utilize .NET and WPF features. Some Firefox users resent that the
plug-in was installed without asking but the installation itself is no more
invasive than QuickTime or Adobe. It certainly does *NOT* rewrite any Firefox code.

A vulnerability was discovered and Microsoft and Mozilla mutually agreed that
blocking the add-on was an appropriate action. The blocklist is part of Firefox
3.x and is used to block several incompatible add-ons from several vendors. A
problem seems to be that the .NET patches do not change the version number and
so the block must remain in effect until a distinct version reference can allow
the blocklist to differentiate between the patched and un-patched files.

I have the MS .NET add-ons in Firefox 2.0.0.22, Firefox 3.5.4, and Firefox 3.7a
and I have never had them cause any problems.

FWIW I had no trouble installing the patches from Windows Update.

--
G. R. Woodring

Date: 10/18/2009 8:06 AM, Author: Melelina Wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> "D.Abomination" <DAbomination@discussions.microsoft.com> wrote in message
> news:1D4AF0AF-F362-458F-8EF8-36BE003CBE14@microsoft.com...<!--coloro:green--><span style="color:green <!--/coloro-->
>> the new october .net framework security updates for 1.1,2.0, & 3.5 for XP
>> are
>> not installing. I keep getting a "failed" message after all 3! Help!<!--colorc--><!--/colorc-->
>
> If you use Firefox 3.5, don't touch that one for .NET 3.5. Microsoft just
> royally insulted all Firefox users and tried to ruin Fx. Mozilla put them in
> their place by sending a block signal to all computers using Fx 3.5. I hope
> Mozilla sues the pants off Microsoft for what they tried to do to Firefox.
> The update for .NET 3.5 installs a plug-in SILENTLY (yet again...Microsoft
> pulled this same crap earlier this year with Fx silent install that hurt Fx
> and got criticized for it and now they do it again and even worse this
> time). The plug-in is for Windows Presentation Foundation which is a part of
> .NET 3 and 3.5. That plug-in in Microsoft installs silently (or did until
> Mozilla sent a block signal Friday to all Firefox installations) makes Fx
> worthless as a browser because it makes it totally open to drive by malware
> installations. Microsoft has no business rewriting Firefox code silently
> without the express permission of the user (and for that matter they should
> also ask Mozilla for permission to rewrite code for a rival browser).
> Geeez.....
>
> If you don't have reason to need .NET 2, 3 and 3.5 just get rid of them.
> They cause nothing but problems and practically no applications that most
> people use depend on any of them except maybe .NET 1.1 which is the smallest
> and best behaved of them.
>
> <!--colorc--><!--/colorc-->

 

Microsoft made Fx 3.5 totally vulnerable to drive by malware with that
stupid extension. I not read one thing that says otherwise. That is why
Mozilla blocked it as that extension made the main reason to use Fx null and
void and that was Microsoft's intention. Damage the security of Fx, which is
why folks use it instead of IE, and you have crippled your competitor.

I never allow ANY Microsoft crap to contaminate my Fx on any computer. I
also don't allow Adobe to contaminate Fx with Flash Player or Acrobat Reader
plugins. I have a far superior PDF reader and I am not stupid enough to
EVER allow ANY browser to open PDF in the browser. As for Flash Player, it
will never be on any of my computers. If I wanted to watch movies, I would
buy myself a TV. I don't have a computer to waste time watching movies. As
for QuickTime, I have not had that installed on a computer since 1999. It is
utter junk.


"G. R. Woodring" <tejbbqevat@rneguyvax.arg> wrote in message
news:ORmsE9CUKHA.1232@TK2MSFTNGP05.phx.gbl...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Please read this:
> <https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c56>
>
> There was no attempt to ruin Firefox. MS provided a means for a competing
> browser to utilize .NET and WPF features. Some Firefox users resent that
> the plug-in was installed without asking but the installation itself is no
> more invasive than QuickTime or Adobe. It certainly does *NOT* rewrite
> any Firefox code.
>
> A vulnerability was discovered and Microsoft and Mozilla mutually agreed
> that blocking the add-on was an appropriate action. The blocklist is part
> of Firefox 3.x and is used to block several incompatible add-ons from
> several vendors. A problem seems to be that the .NET patches do not
> change the version number and so the block must remain in effect until a
> distinct version reference can allow the blocklist to differentiate
> between the patched and un-patched files.
>
> I have the MS .NET add-ons in Firefox 2.0.0.22, Firefox 3.5.4, and Firefox
> 3.7a and I have never had them cause any problems.
>
> FWIW I had no trouble installing the patches from Windows Update.
>
> --
> G. R. Woodring
>
> Date: 10/18/2009 8:06 AM, Author: Melelina Wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
>> "D.Abomination" <DAbomination@discussions.microsoft.com> wrote in message
>> news:1D4AF0AF-F362-458F-8EF8-36BE003CBE14@microsoft.com...<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> the new october .net framework security updates for 1.1,2.0, & 3.5 for
>>> XP are
>>> not installing. I keep getting a "failed" message after all 3! Help!<!--colorc--><!--/colorc-->
>>
>> If you use Firefox 3.5, don't touch that one for .NET 3.5. Microsoft just
>> royally insulted all Firefox users and tried to ruin Fx. Mozilla put them
>> in their place by sending a block signal to all computers using Fx 3.5. I
>> hope Mozilla sues the pants off Microsoft for what they tried to do to
>> Firefox. The update for .NET 3.5 installs a plug-in SILENTLY (yet
>> again...Microsoft pulled this same crap earlier this year with Fx silent
>> install that hurt Fx and got criticized for it and now they do it again
>> and even worse this time). The plug-in is for Windows Presentation
>> Foundation which is a part of .NET 3 and 3.5. That plug-in in Microsoft
>> installs silently (or did until Mozilla sent a block signal Friday to all
>> Firefox installations) makes Fx worthless as a browser because it makes
>> it totally open to drive by malware installations. Microsoft has no
>> business rewriting Firefox code silently without the express permission
>> of the user (and for that matter they should also ask Mozilla for
>> permission to rewrite code for a rival browser). Geeez.....
>>
>> If you don't have reason to need .NET 2, 3 and 3.5 just get rid of them.
>> They cause nothing but problems and practically no applications that most
>> people use depend on any of them except maybe .NET 1.1 which is the
>> smallest and best behaved of them. <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

Melelina wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Microsoft made Fx 3.5 totally vulnerable to drive by malware with that
> stupid extension. I not read one thing that says otherwise. That is why
> Mozilla blocked it as that extension made the main reason to use Fx null and
> void and that was Microsoft's intention. Damage the security of Fx, which is
> why folks use it instead of IE, and you have crippled your competitor.<!--colorc--><!--/colorc-->

Much as I hate to spoil a good conspiracy theory, Mozilla say otherwise:

<http://shaver.off.net/diary/2009/10/18/update-net-framework-assistant-clickonce-support-unblocked/>



Harry.
<!--coloro:blue--><span style="color:blue <!--/coloro-->
>
> I never allow ANY Microsoft crap to contaminate my Fx on any computer. I
> also don't allow Adobe to contaminate Fx with Flash Player or Acrobat Reader
> plugins. I have a far superior PDF reader and I am not stupid enough to
> EVER allow ANY browser to open PDF in the browser. As for Flash Player, it
> will never be on any of my computers. If I wanted to watch movies, I would
> buy myself a TV. I don't have a computer to waste time watching movies. As
> for QuickTime, I have not had that installed on a computer since 1999. It is
> utter junk.
>
>
> "G. R. Woodring" <tejbbqevat@rneguyvax.arg> wrote in message
> news:ORmsE9CUKHA.1232@TK2MSFTNGP05.phx.gbl...<!--coloro:green--><span style="color:green <!--/coloro-->
>> Please read this:
>> <https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c56>
>>
>> There was no attempt to ruin Firefox. MS provided a means for a competing
>> browser to utilize .NET and WPF features. Some Firefox users resent that
>> the plug-in was installed without asking but the installation itself is no
>> more invasive than QuickTime or Adobe. It certainly does *NOT* rewrite
>> any Firefox code.
>>
>> A vulnerability was discovered and Microsoft and Mozilla mutually agreed
>> that blocking the add-on was an appropriate action. The blocklist is part
>> of Firefox 3.x and is used to block several incompatible add-ons from
>> several vendors. A problem seems to be that the .NET patches do not
>> change the version number and so the block must remain in effect until a
>> distinct version reference can allow the blocklist to differentiate
>> between the patched and un-patched files.
>>
>> I have the MS .NET add-ons in Firefox 2.0.0.22, Firefox 3.5.4, and Firefox
>> 3.7a and I have never had them cause any problems.
>>
>> FWIW I had no trouble installing the patches from Windows Update.
>>
>> --
>> G. R. Woodring
>>
>> Date: 10/18/2009 8:06 AM, Author: Melelina Wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> "D.Abomination" <DAbomination@discussions.microsoft.com> wrote in message
>>> news:1D4AF0AF-F362-458F-8EF8-36BE003CBE14@microsoft.com...
>>>> the new october .net framework security updates for 1.1,2.0, & 3.5 for
>>>> XP are
>>>> not installing. I keep getting a "failed" message after all 3! Help!
>>> If you use Firefox 3.5, don't touch that one for .NET 3.5. Microsoft just
>>> royally insulted all Firefox users and tried to ruin Fx. Mozilla put them
>>> in their place by sending a block signal to all computers using Fx 3.5. I
>>> hope Mozilla sues the pants off Microsoft for what they tried to do to
>>> Firefox. The update for .NET 3.5 installs a plug-in SILENTLY (yet
>>> again...Microsoft pulled this same crap earlier this year with Fx silent
>>> install that hurt Fx and got criticized for it and now they do it again
>>> and even worse this time). The plug-in is for Windows Presentation
>>> Foundation which is a part of .NET 3 and 3.5. That plug-in in Microsoft
>>> installs silently (or did until Mozilla sent a block signal Friday to all
>>> Firefox installations) makes Fx worthless as a browser because it makes
>>> it totally open to drive by malware installations. Microsoft has no
>>> business rewriting Firefox code silently without the express permission
>>> of the user (and for that matter they should also ask Mozilla for
>>> permission to rewrite code for a rival browser). Geeez.....
>>>
>>> If you don't have reason to need .NET 2, 3 and 3.5 just get rid of them.
>>> They cause nothing but problems and practically no applications that most
>>> people use depend on any of them except maybe .NET 1.1 which is the
>>> smallest and best behaved of them. <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->
>
> <!--colorc--><!--/colorc-->

 

Yes, I saw all that last night. Microsoft and Mozilla played kissy-poo and
made up and we are still screwed.

I think Microsoft will be in serious trouble next time the EU looks at their
behavior. As for Mozilla, most of us users are not very happy with the fact
any Tom, Dick or Harry vendor can silently install extensions and plugins on
our browser and Mozilla is not fixing that until 3.7.

"Harry Johnston [MVP]" <harry@scms.waikato.ac.nz> wrote in message
news:O4XBYYQUKHA.4000@TK2MSFTNGP05.phx.gbl...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Melelina wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> Microsoft made Fx 3.5 totally vulnerable to drive by malware with that
>> stupid extension. I not read one thing that says otherwise. That is why
>> Mozilla blocked it as that extension made the main reason to use Fx null
>> and void and that was Microsoft's intention. Damage the security of Fx,
>> which is why folks use it instead of IE, and you have crippled your
>> competitor.<!--colorc--><!--/colorc-->
>
> Much as I hate to spoil a good conspiracy theory, Mozilla say otherwise:
>
> <http://shaver.off.net/diary/2009/10/18/update-net-framework-assistant-clickonce-support-unblocked/>
>
>
>
> Harry.
><!--coloro:green--><span style="color:green <!--/coloro-->
>>
>> I never allow ANY Microsoft crap to contaminate my Fx on any computer. I
>> also don't allow Adobe to contaminate Fx with Flash Player or Acrobat
>> Reader plugins. I have a far superior PDF reader and I am not stupid
>> enough to EVER allow ANY browser to open PDF in the browser. As for Flash
>> Player, it will never be on any of my computers. If I wanted to watch
>> movies, I would buy myself a TV. I don't have a computer to waste time
>> watching movies. As for QuickTime, I have not had that installed on a
>> computer since 1999. It is utter junk.
>>
>>
>> "G. R. Woodring" <tejbbqevat@rneguyvax.arg> wrote in message
>> news:ORmsE9CUKHA.1232@TK2MSFTNGP05.phx.gbl...<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> Please read this:
>>> <https://bugzilla.mozilla.org/show_bug.cgi?id=522777#c56>
>>>
>>> There was no attempt to ruin Firefox. MS provided a means for a
>>> competing browser to utilize .NET and WPF features. Some Firefox users
>>> resent that the plug-in was installed without asking but the
>>> installation itself is no more invasive than QuickTime or Adobe. It
>>> certainly does *NOT* rewrite any Firefox code.
>>>
>>> A vulnerability was discovered and Microsoft and Mozilla mutually agreed
>>> that blocking the add-on was an appropriate action. The blocklist is
>>> part of Firefox 3.x and is used to block several incompatible add-ons
>>> from several vendors. A problem seems to be that the .NET patches do
>>> not change the version number and so the block must remain in effect
>>> until a distinct version reference can allow the blocklist to
>>> differentiate between the patched and un-patched files.
>>>
>>> I have the MS .NET add-ons in Firefox 2.0.0.22, Firefox 3.5.4, and
>>> Firefox 3.7a and I have never had them cause any problems.
>>>
>>> FWIW I had no trouble installing the patches from Windows Update.
>>>
>>> --
>>> G. R. Woodring
>>>
>>> Date: 10/18/2009 8:06 AM, Author: Melelina Wrote:
>>>> "D.Abomination" <DAbomination@discussions.microsoft.com> wrote in
>>>> message news:1D4AF0AF-F362-458F-8EF8-36BE003CBE14@microsoft.com...
>>>>> the new october .net framework security updates for 1.1,2.0, & 3.5 for
>>>>> XP are
>>>>> not installing. I keep getting a "failed" message after all 3! Help!
>>>> If you use Firefox 3.5, don't touch that one for .NET 3.5. Microsoft
>>>> just royally insulted all Firefox users and tried to ruin Fx. Mozilla
>>>> put them in their place by sending a block signal to all computers
>>>> using Fx 3.5. I hope Mozilla sues the pants off Microsoft for what they
>>>> tried to do to Firefox. The update for .NET 3.5 installs a plug-in
>>>> SILENTLY (yet again...Microsoft pulled this same crap earlier this year
>>>> with Fx silent install that hurt Fx and got criticized for it and now
>>>> they do it again and even worse this time). The plug-in is for Windows
>>>> Presentation Foundation which is a part of .NET 3 and 3.5. That plug-in
>>>> in Microsoft installs silently (or did until Mozilla sent a block
>>>> signal Friday to all Firefox installations) makes Fx worthless as a
>>>> browser because it makes it totally open to drive by malware
>>>> installations. Microsoft has no business rewriting Firefox code
>>>> silently without the express permission of the user (and for that
>>>> matter they should also ask Mozilla for permission to rewrite code for
>>>> a rival browser). Geeez.....
>>>>
>>>> If you don't have reason to need .NET 2, 3 and 3.5 just get rid of
>>>> them. They cause nothing but problems and practically no applications
>>>> that most people use depend on any of them except maybe .NET 1.1 which
>>>> is the smallest and best behaved of them.<!--colorc--><!--/colorc-->
>> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->