Mozilla has backtracked on its move to disable a Microsoft add-on tied to a security vulnerability.
After placing the Microsoft .NET Framework Assistant on a block list due to concerns about a Microsoft vulnerability (CVE-2529), Mozilla said Oct. 18 it will re-enable the . NET Framework Assistant for Firefox users.
“We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we’ve removed it from the block list,” blogged Michael Shaver, vice president of engineering at Mozilla. “As the block list update propagates to clients, the add-on should be re-enabled for users who had it previously enabled.”
Microsoft had warned Firefox users Oct. 16 that they were vulnerable to attack if they had not applied MS09-054, which was part of the massive Patch Tuesday update for October. Mozilla also added the Windows Presentation Foundation plug-in to the block list. For the moment, that plug-in will remain on the list, Shaver stated in his post.
“We’re hard at work on improving the experience for (especially enterprise) users who wish to override the blocking of the WPF plug-in before we remove it from the blocklist, and I’m working on a post to clarify the events of the past few days,” Shaver wrote. “We (especially I) appreciate your patience and support as we work to keep our users safe and comfortable with all the tools at our disposal.”