Mozilla Blocking Microsoft Plug-Ins

Firefox users on Windows may see the nearby window pop up on Firefox soon. Mozilla has begun to use its blocklisting mechanism to block these add-ons.

Among the vulnerabilities disclosed by Microsoft last Tuesday was MS09-054, a Cumulative Security Update for Internet Explorer. As Microsoft explains in an entry on their Security Research & Defense blog, the .NET Framework 3.5 SP1 installs a "Windows Presentation Foundation" plug-in in Firefox. The vulnerability in this component opens up a browse-and-get-owned attack in Firefox.

There are two confusing parts to this issue as I see it: first, the same Microsoft SRD blog entry states unequivocally that "...any customers that have applied the update associated with MS09-054 are protected, regardless of the attack vector." I did this Tuesday, and yet Firefox just blocked it for me anyway. In fact, the blocklist says clearly that all versions of the add-on are blocked. The other thing is that Mozilla is blocking the "Microsoft .NET Framework Assistant" add-on too. I don't see this code implicated anywhere in the Microsoft documentation.