Microsoft maintained that users who applied the patches it issued last week as part of a would protect Firefox users from attack. However, the bulletin, which provided details on the vulnerability, said nothing about Firefox. Later last Tuesday, Microsoft expanded on MS09-054 in a , and confirmed that Firefox was affected because of the add-on and plug-in.

Mozilla, however, clearly felt that that was not enough, and took the unusual step of blocking the Microsoft add-on and plug-in. Multiple Computerworld staffers have that Firefox is now blocking the Microsoft software. "These add-ons have a high risk of causing stability or security problems and have been blocked, but a restart is required to disable them completely," the Firefox warning message reads.

The history of the .Net Framework Assistant and Windows Presentation Foundation software is tangled and contentious. Firefox users complained last February, and then again in May, when they found out that Microsoft had pushed the components to their browser as part of the .NET Framework 3.5 Service Pack 1 (SP1) update, which was delivered via Windows Update.

Users were furious that the software was installed without their approval. To add salt to the wound, the components were impossible to uninstall without editing the Windows registry, a chore most users avoid because any misstep could cripple the PC. Later, Microsoft issued a follow-on update that made it the components without a registry edit.

Mozilla has been aggressively pursuing risky add-ons and plug-ins of late. Last month, it warned Firefox users running outdated versions of Adobe's Flash Player to upgrade, then last week added a more thorough to its arsenal.