Although Mozilla uses it’s blocking list infrequently, it judged Microsoft’s new .NET Framework Assistant add-on and the Windows Presentation Foundation plug-in for Firefox dangerous enough to resort to such a measure.
According to Computer World, the two pieces of software were blocked on Friday (after notifying Microsoft of the intention), because they put users at risk of an attack through a remote code execution vulnerability. The additional reason behind the blocking is that the users have had some difficulties with the removal of the add-on.
Microsoft admitted last week that the software posed a serious threat not only to Firefox users, but to IE users as well. The main reason Firefox users have complained about it is that the software was installed silently into Firefox without their knowledge or approval – through an update of .NET Framework 3.5.
Initially, the de-installation of said components was possible only if one was willing to edit the Windows registry – a step not to be taken lightly by novices, as a mistake could lead to total incapacitation of the OS. Some time later, Microsoft releases an update that corrected that misstep and made it possible to uninstall the component without tampering with the registry.
Mike Shaver, Mozilla’s VP of Engineering, announced on his blog that they removed the Framework Assistant add-on from their blocklist since they have been informed by Microsoft that it is not a mechanism for exploiting the vulnerabilities as previously thought.