Just read that a recent update pushed out by MS adds a serious vulnerability to Firefox. The Microsoft .NET Framework 3.5 Service Pack 1 also installs an add-on in Firefox. You may have noticed the add-on if you’ve recently looked in your Firefox add-ons dialog.
Just read an article that I unfortunately don’t have difficulty believing. This add-on adds ‘One-Click support and the ability to report installed .NET framework versions to the web server’.
Reading the article linked below, it appears this really means ‘a web page can install something without notifying the user’.
Here’s the article explaining the risks, and how to uninstall the add-on.
And I found an interesting comment at the bottom of the article…
(And if you're thinking, "Why not just use a Mac," may I remind you of the MobileMe junk recently installed on so many Windows machines without their owners' permission!)