October 19, 2009, 4:15 am
Update
After blocking Microsoft’s WPF plugin for Firefox due to what it believed was a security vulnerability, Mozilla has removed the block. The blocklist has been updated, but will take some time to propagate to clients, which will then be able to continue using the WPF plugin.
Original story
Mozilla has temporarily disabled Microsoft’s WPF plugin for Firefox in order to protect users from a security vulnerability that was recently uncovered in the component. The vulnerability can be exploited when users visit malicious Web pages that contain specially crafted XAML content.
Microsoft issued an Internet Explorer patch to fix the vulnerability through its Windows Update mechanism on Tuesday. The IE patch is said to fully resolve the vulnerability for Firefox users in addition to users of Microsoft’s own browser. Mozilla is concerned, however, that not all users have performed the Windows update yet. In order to protect users who are not yet patched, Mozilla has added Microsoft’s plugin to its add-on blocklist, causing it to be automatically disabled by the browser.