Microsoft has confirmed that the .NET Framework Assistant add-on can't be used as a "mechanism" for exploiting a vulnerability in Internet Explorer (IE), said Mike Shaver, Mozilla's vice president of engineering.
The add-on enables what's called 'ClickOnce' support, a Microsoft technology for application deployment.
Mozilla is updating its list of blocked add-ons, and it should be re-enabled for those users who had it enabled in the first place, Shaver said.
Mozilla blocked the Framework Assistant last Friday. Earlier in the week, Microsoft warned that Firefox users were vulnerable to an attack because of a problem in the add-on if users had not applied the MS09-054 IE patch. Mozilla consulted Microsoft before implementing the block.
However, the second add-on, Windows Presentation Foundation, remains blocked.
"We're hard at work on improving the experience for (especially enterprise) users who wish to override the blocking of the WPF plugin before we remove it from the blocklist, and I'm working on a post to clarify the events of the past few days," Shaver said.
"We (especially I) appreciate your patience and support as we work to keep our users safe and comfortable with all the tools at our disposal."
Microsoft landed in hot water earlier this year when it pushed out the Framework Assistant add-on as part of a service pack for its .Net application framework. Users complained since they couldn't uninstall the plugin using the normal Firefox menu.
Microsoft later released an update allowing users to remove the add-on through Firefox rather than fiddling with the Windows registry.