Mozilla adds vulnerable Microsoft plug-in to block list

Mozilla moved swiftly to put the Microsoft .NET Framework Assistant Firefox and the Windows Presentation Foundation Add-ons on its blocklist following Microsoft's release of critical updates for Firefox-related components last Tuesday. We reported on the Windows Presentation Foundation plug-in vulnerability last Friday, which was among those fixed last week as part of Microsoft's largest Patch Tuesday to date.

For now, the Windows Presentation Foundation Add-on remains on the blocklist, though the .NET Framework Assistant has been re-enabled by Mozilla after Microsoft clarified that it is not a known vector for the security issue.

Additional information about how Mozilla is able to block Firefox Add-ons that are "known to cause stability or security issues" can be found on Mozilla's Knowledge Base page here. Given the difficulty in uninstalling the Windows Presentation Foundation Add-on, the use of a blocklist makes sense. Including Microsoft's, there are nine blocked Add-ons at the moment, which are simply not by Firefox.

In the meantime, vice president of engineering at Mozilla, Michael Shaver has said that he is working on a post to clarify events over the past few days. Shaver added, "We're hard at work on improving the experience for (especially enterprise) users who wish to override the blocking of the WPF plug-in before we remove it from the blocklist."

For more on this story:
- check out this article at eWeek

Related Articles:
Microsoft plug-in for Firefox patched
Mega Patch Tuesday coming next week
Is it only a myth that Firefox is more secure?
Mozilla plugs 13 holes in Firefox