This story came across my radar this morning (Microsoft Update Quietly Installs Firefox Extension). This seems bad news to me, and exemplifies one aspect of Microsoft's software model that I really rather dislike in comparison to, for example, how Ubuntu rolls out its updates.
Turns out this Firefox add-on, which is installed rather stealthily as part of a regular Windows .NET update, has its uninstall option disabled, which means Windows users need to go through a complex process to remove this, as described at annoyances.org (Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension). Annoyances.org says:
This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may've originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste.
If they're right about the potential for harm caused by this add-on, I guess Windows usersought to remove this asap.