Mozilla Restores Blocked Microsoft Security Add-on

Mozilla has moved quickly after receiving information from Microsoft over its add-on to Firefox, which was linked to a security vulnerability that would allowed an attacker to take over Windows.

Last week Mozilla placed the Microsoft .NET Framework Assistant on a block list due to concerns about a Microsoft vulnerability (CVE-2529). But now Mozilla has said it will re-enable the . NET Framework Assistant for Firefox users.

“We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we’ve removed it from the block list,” blogged Michael Shaver, vice president of engineering at Mozilla. “As the block list update propagates to clients, the add-on should be re-enabled for users who had it previously enabled.”

Microsoft had warned Firefox users last Friday that they were vulnerable to attack if they had not applied MS09-054, which was part of the massive Patch Tuesday update for October. Mozilla also added the Windows Presentation Foundation plug-in to the block list.

For the moment, that plug-in will remain on the list, Shaver stated in his post.

“We’re hard at work on improving the experience for (especially enterprise) users who wish to override the blocking of the WPF plug-in before we remove it from the blocklist, and I’m working on a post to clarify the events of the past few days,” Shaver wrote. “We (especially I) appreciate your patience and support as we work to keep our users safe and comfortable with all the tools at our disposal.”