Mozilla Blocks Vulnerable Browser Add-Ons by Microsoft
YNOT – After blocking a Microsoft browser add-on and associated plug-in last Friday due to a documented security vulnerability, Mozilla today unblocked the add-ons for Firefox and said the plug-in will be restored in a matter of days.
Microsoft reported last week that two of its add-ons, .NET Framework Assistant and Windows Presentation Foundation, contained security flaws that made their users vulnerable to attack. The company had issued a patch for the software, but Mozilla decided it wasn’t enough to protect users of its Firefox browser because Microsoft had been installing the software without the permission of users.
Making matters worse, uninstalling the add-on was extremely difficult and until recently required users to edit the Windows registry.
“Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism,” said Mozilla’s Mike Shaver last Friday.
According to reports, the vulnerability in the Microsoft add-ons could be used by hackers to hijack Windows-based computers. At risk were users of Firefox, as well as users of all versions of Internet Explorer. Although Microsoft issued an announcement that a security patch it released last week would protect users of Internet Explorer, the company hadn’t mentioned Firefox. When Mozilla blocked the two add-ons late Friday, it was only the ninth time the company has used its blocking tool since it was released in 2007.
“This was an unusual case of using the blocker,” Shaver said. “Version information was not available to us at first, and since [the add-ons were] installed by many users, many of them were unaware they even had it, and the add-on and plug-in were difficult to uninstall, we thought it best to block them, at least for a time. Microsoft agreed.”
Blocking the .NET Framework Assistant add-on proved to be a headache for users who relied on it to power certain software run through their browsers. Although it has now been taken off the block list, the associated Windows Presentation Foundation plug-in is still blocked for the time being.
According to Shaver, Mozilla is working on an improvement to its user notification system that will automatically deactivate any plug-ins that are installed by third-party software. Users will then be notified of the plug-in and given the option of activating it.
“We’re big believers in informed user choice,” said Shaver. “So we’re going to improve notifications to users when plug-ins are installed. We do that with add-ons in Firefox now, which checks for those added since the last time you ran the browser. We will do the same thing for plug-ins, likely in Firefox 3.7.”