MS Quietly Patches Firefox: Vulnerable, No Uninstall

Dennis Faas's picture

Users of Mozilla's Firefox web browser may have received an unpleasant surprise when they performed a routine security update for a Microsoft Windows component. Tens of millions of computers have quietly installed an extra Firefox add-on whether users wanted it or not.

Firefox .NET ClickOnce Addon

The Firefox add-on shipped with a bundle of updates via Microsoft's .NET Framework Service Pack that was made available to users through the Windows Update Web site.

If a user installs the .NET update, it automatically installs its own ClickOnce Firefox add-on that is both difficult and dangerous to remove once installed. (Source:

ClickOnce Addon Allows for Dangerous Vulnerability noted that the update added to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: it gives websites the ability to easily and quietly install software on your PC and offers instructions on how to remove it.

Normally, it's not a problem and you can just uninstall the add-on through Firefox's add-ons interface. The problem is, Microsoft has disabled the "uninstall" button on that extension. The only way to remove the add-on is to modify the Windows Registry, which, if not done correctly, can render your Windows PC inoperable. Removal instructions are available from Brad Abram's Microsoft Blog.

Not the First Time

This isn't the first time Microsoft has been found installing unwanted software, making one wonder once again what else Microsoft is installing without a users' knowledge while providing another excellent example of how not to convince people to trust their security updates.

Visit Bill's Links and More for more great tips, just like this one!

Rate this article: 
No votes yet