Mozilla on Friday disabled a Microsoft plug-in for Firefox called the .Net Framework Assistant because of a security problem — then scrambled to give people with patched systems an override option.
Mike Shaver, Mozilla's vice president of engineering, announced the first step late on Friday night on his blog. "It's recently surfaced that it has a serious security vulnerability, and Microsoft is recommending that all users disable the add-on," Shaver said. "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately."
The .Net Framework Assistant add-on lets Firefox use Microsoft's ClickOnce technology for installing applications that run on its .Net programming foundation. The add-on already was something of a thorn in the sides of some Firefox users: it was automatically installed via Windows Update with the .Net Framework 3.5 Service Pack 1 without telling the user the add-on was being installed or giving an option. More hackles were raised because it was not compatible with Firefox 3.5, Shaver said, and because removing it initially required people to edit their Windows Registry — a technically onerous task for most people.
To find out more about Firefox blocks insecure .Net add-on — awkwardly see on CNET News.
Talkback
Microsoft continues giving more reasons to switch to MAC, Linux.
This post has been removed by a moderator.