Mozilla unblocks Microsoft’s sneaky Firefox plug-in


19 Oct 2009

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Not a game of tit for tat but rather a misunderstanding and much add-on do about nothing, Mozilla mistakenly blacklisted a Microsoft add-on to its Firefox web browser only to unblock it when it realised it was not a security threat to users.

The back story, however, is far more interesting: back in June 2009, Microsoft released a Windows update that installed a .Net Framework add-on into users’ Firefox browsers without directly asking user permission.

“The Microsoft .NET Framework 3.5 Service Pack 1 update, pushed through the Windows Update service to all recent editions of Windows in February 2009, installs the Microsoft .NET Framework Assistant Firefox extension without asking your permission,” claimed website Annoyances.org.

However, at the time Mike Shaver, Mozilla’s head of engineering, brought good news: “Until recently, removing this add-on from Firefox required that users manually edit the registry, but I’m pleased to report that Microsoft has made available a downloadable patch, and has now added it to the knowledge base article on the topic. Once this patch is applied, the add-on can be uninstalled per-user.”

What was wrong with the add-on that some wanted to remove it? “It’s recently surfaced that it has a serious security vulnerability, and Microsoft is recommending that all users disable the add-on,” said Shaver on Friday on the official Mozilla Security Blog.

And roll on to Monday and it seems as though the Microsoft add-on, although already blacklisted, was back in the good books: “We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we’ve removed it from the blocklist,” said Shaver.

By Marie Boran