For those who might not have paid too much attention to this extension, or just missed it altogether, Firefox users have a new security problem installed without notification courtesy of Microsoft. Full story here (http://voices.washingtonpost.com/securityfix/2009/05/microsoft_update_quietly_insta.html#more). To summarize:

"Annoyances.org, which lists various aspects of Windows that are, well, annoying, says "this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC." I'm not sure I'd put things in quite such dire terms, but I'm fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.

Big deal, you say? I can just uninstall the add-on via Firefox's handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the "uninstall" button on the extension. What's more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that -- if done imprecisely -- can cause Windows systems to fail to boot up."

Shame on Microsoft! Thanks Slgrieb for the tip, I'll pass this on to my friends and family that use FF.

Interesting. Thanks for the heads up.

Microsoft now has a fix that permits removal of their add-on. Security Fix has the full story here (http://voices.washingtonpost.com/securityfix/2009/06/microsoft_patch_to_fix_firefox.html). It's worth reading the entire story, the links, and the commentaries.

Cogent arguments on both sides in the comments at Bugzilla.... and proof that Microsoft listens!