Mozilla has now unblocked a Microsoft add-on thought to pose a danger due to a software vulnerability, but a second add-on remains blocked, the organization said on Sunday.

Microsoft has confirmed that the .NET Framework Assistant add-on can't be used as a "mechanism" for exploiting a vulnerability in Internet Explorer (IE), wrote Mike Shaver, Mozilla's vice president of engineering, on Sunday. The add-on enables what's called "ClickOnce" support, a Microsoft technology for application deployment.

Mozilla is updating its list of blocked add-ons, and it should be re-enabled for those users who had it enabled in the first place, Shaver said.

Mozilla blocked the Framework Assistant last Friday. Earlier in the week, Microsoft warned that Firefox users were vulnerable to an attack because of a problem in the add-on if users had not applied the MS09-054 IE patch. Mozilla consulted Microsoft before implementing the block.

Still blocked is the Windows Presentation Foundation (WPF) add-on, but Mozilla is working on an alternative for users.

Full story: PC World