Firefox hit the one billion download mark in August and has 32% of the browser market while IE holds about 60% of the market.

Mozilla and Microsoft are working together on a security flaw in some Microsoft add-ons that affects Firefox users. Mozilla reports that it has blocked two Microsoft add-ons installed silently for computers running the .NET Framework 3.5 SP1. The add-ons that Mozilla is blocking are the .NET Framework Assistant and Windows Presentation Foundation component because of a vulnerability that the add-ons allow for Firefox.

Mozilla VP of engineering Mike Shaver wrote in a blog post, "Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism. Microsoft agreed with the plan, and we put the blocklist entry live immediately.”

The vulnerability in question is CVE-2009-2529 that allows an exploit when a Firefox user visits a malicious website. The user only has to visit a website running malicious code to be affected.

Microsoft wrote a blog post about the threat saying, "Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application). Please note that while this attack vector matches one of the attack vectors for MS09-061, the underlying vulnerability is different. Here, the affected process is the Windows Presentation Foundation (WPF) hosting process, PresentationHost.exe."

Microsoft says that Firefox users with .NET Framework 3.5 installed can disable the add-ons by going to Tools'-> 'Add-ons' -> 'Plugins,' select 'Windows Presentation Foundation,' and click 'Disable'. Those who have downloaded the Microsoft patch are protected against the vulnerability as well.