Firefox blocks, then unblocks, Microsoft add-on
On Friday, Mozilla announced it had placed the "Microsoft .NET Framework Assistant" add-on for Firefox on its list of blocked modules (blocklist). Mozilla's Vice President of Engineering, Mike Shaver, said in his blog that Microsoft agreed to this plan and a tech bulletin released by Microsoft also advised users to disable the add-on.
Late on Sunday though, Shaver announced that this plan was being reversed after Mozilla received confirmation from Microsoft that the Framework Assistant was not "a mechanism for exploiting the vulnerabilities". Shaver says that "as the blocklist update propagates to clients, the add-on should be re-enabled for users who had it previously enabled" and promises further details on what has occurred in a forthcoming post.
Microsoft has automatically installed the add-on for Windows systems with its Service Pack 1 for .NET-Framework 3.5 since February. Two new modules appear in the Firefox add-on window after installing the update: The "Microsoft .NET Framework Assistant" and the "Windows Presentation Foundation" plug-in. In the Service Pack's first revision, the only option was to disable the components; uninstalling was only possible via the registry. An update released in May corrected this problem but didn't include the option to not install the add-on.
During last Tuesday's Patch Day it became apparent that the add-ons installed by Microsoft can be used to exploit a security hole in .NET Framework. The hole allows malicious websites to install software on a computer without the user's consent. Microsoft's MS09-054 update closes this hole.