Photo by fedcomite
Mozilla recently block-listed a highly used Microsoft WPF/ClickOnce add-on. While this may have caused some angst with some, perhaps fearing a turf-war, it turns out that this was a collaborative effort between the two companies to protect users from recent Microsoft security alert MS09-054.
Mr. Abrams references Mike Shaver, Mozilla Vice President for Engineering, who posted a blog discussing the decision to block the add-on.
Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately.
This occurred on Oct 16. Two days later Mr. Shaver posted the following:
Microsoft has now confirmed that the Framework Assistant add-on is not a vector for this attack, and we have removed the entry from the blocklist. We are also working on a mechanism to allow Firefox users to re-enable the WPF plugin ahead of its eventual removal from the blocklist.
This type of communication (& collaboration) benefits the customers of both Microsoft and Mozilla. A problem was identified and cooler heads prevailed.
Thanks to Mr. Abrams for his post.