Ars Technica has done the legwork here, and it's actually pretty bad. This Tuesday, Redmond pushed out its usual batch of updates, and one of them relates to the Windows Live Toolbar, MSN Toolbar, and Bing Bar. Without asking the user, and without any indications, the update in question, KB982217, installs two browser extensions - one for Internet Explorer, one for Firefox.
Since the update is related to these search toolbars (the MSN and Live ones are superseded by the Bing Toolbar), it's safe to assume affected users have one of these toolbars installed. They are available for both Internet Explorer and Firefox, so it makes sense that only these two are affected. Ars did some digging:
Ars installed the update on a test system where the Windows Live Toolbar was installed for Internet Explorer only - yet, the Firefox extension was installed as well. This is very troubling, and as you can imagine, Firefox users are not particularly amused, nor is Mozilla. "We're in contact with Microsoft, and are looking into it," a Mozilla spokesperson told Ars Technica, "As far as we know at this time, there are no security implications to this add-on's background installation."
Security issue or no, this is troubling on so many levels. First, an update description should properly list what is being altered and/or added to the system. Second, Firefox is not a Microsoft product, and is not updated via Windows Update, and as such, should not be tampered with. Third, if any of the toolbars in question is not installed for Firefox, the extensions should not be installed. Fourth, this is my computer. Just as much as I dislike Apple for pretending my iPhone is actually theirs, I dislike Microsoft for thinking my computer is theirs (okay I'm actually not affected - I use Linux).
Microsoft needs to act quickly on this one, because this is totally unacceptable.