Microsoft issued an Internet Explorer patch to fix the vulnerability through its Windows Update mechanism on Tuesday. The IE patch is said to fully resolve the vulnerability for Firefox users in addition to users of Microsoft's own browser. Mozilla is concerned, however, that not all users have performed the Windows update yet. In order to protect users who are not yet patched, Mozilla has added Microsoft's plugin to its add-on blocklist, causing it to be automatically disabled by the browser.
Mike Shaver, Mozilla's vice president of engineering, described the security problem in a blog entry posted Friday in the official Mozilla security blog. He explains that Mozilla decided to block the plugin when Microsoft suggested that users should consider turning it off until the efficacy of the fix has been fully confirmed. The related .NET Framework Assistant add-on was initially blocked too, but Mozilla removed it from the blocklist when Microsoft later confirmed that it was not vulnerable.