Don't you try to swoon me with Firefox talk, Anye. Dx
From what I've read, the vulnerability mentioned in this article was patched via Windows Update 2 days ago, but because there's no guarantee to Firefox users that they're updating their systems, they've added it to the block-list for now. If you do not have patch MS09-054 installed then this is worth disabling, as I've read.
Quote:
I'm sorry, but I still disagree with this block. Were the problem unpatched,
then I could agree with it. But you're blocking a PATCHED vulnerability!
People who aren't installing their operating system patches automatically or
regularly are likely vulnerable to all sorts of things.
Users who are automatically receiving windows updates received the patch for
this issue *2 days* before this block was put out.
In fact, the Computerworld article linked in the description of this bug
states, "This week, Microsoft did not revisit the origin of the .NET add-on,
but simply told Firefox users that they should uninstall the component if they
weren't able to deploy the patches provided in the MS09-054 update."
Very clearly, ONLY if you are not going to deploy MS09-054 should you block the
add-on. Since MS09-054 was deployed as part of Patch Tuesday on 14 October
2009, automatically pushed via Windows Update as an Important update.
Here's more reading on the subject, but essentially says the same as the quote in regards to which users should be concerned:
http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspxThanks for the notice, Anye, didn't know anything about this!