Users of Mozilla's Firefox web browser may have received an unpleasant surprise when they performed a routine security update for a Microsoft Windows component. Tens of millions of computers have silently installed an extra Firefox add-on - whether they wanted it or not.
The Firefox add-on shipped with a bundle of updates via Microsoft's .NET Framework Service Pack that was made available to users through the Windows Update Web site. If a user installs the .NET update, it automatically installs its own ClickOnce Firefox add-on that is both difficult and dangerous to remove once installed.
Annoyances.org noted that the update added to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: it gives websites the ability to easily and quietly install software on your PC and offers instructions on how to remove it.
Normally, it's not a problem and you can just uninstall the add-on through Firefox's add-ons interface. The problem is, Microsoft has disabled the "uninstall" button on that extension. The only way to remove the add-on is to modify the Windows Registry, which, if not done correctly, can render your Windows PC inoperable.
Removal instructions are available from Brad Abram's Microsoft Blog.
Do yourself a favor and skip the first two steps of removal. Go straight to step 3. Close down Firefox completely, nuke the directory, and you're done. Start up FF again and it'll notice that the add-on is gone. Or at least my FF v3.0.6 did.
Nuking the directory kills the add-on for everyone on the computer, which is nice. This also has the advantage that the registry keys will still be around, possibly fooling any future version of this crap that MicroSoft tries to push on us into thinking that .NET Assistant is already installed. So maybe you won't get another copy when Microsoft arrogantly and insularly decides that they are the ones who get to decide what gets installed on your computer - whether you like it or not, peon!
Previously and previously.