A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla’s Firefox Web browser, according to a report [washingtonpost.com] by Brian Krebs

The Firefox add-on was silently added to Firefox when users downloaded a service pack for the Microsoft .NET Framework.  Annoyances.org explains why this is a security problem:

This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may’ve originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.

Here are the removal instructions to get rid of Microsoft’s sneaky extension.

nCircle’s Tyler Reguly warns that this means that Microsoft is now enabling drive-by downloads in Firefox.

Categories: Web Security