Any program (plug-in) sitting on top of the browser only has what access the browser allows it. If the plug-in exposes a vulnerability, then it is the browser’s fault. At least, this is the logic used to blame IE for add-ons installed there that create problems.
You’re correct. BUT, in Firefox’s case, ONLY if the mechanism is installed in the browser. MS surreptitiously and silently, installed it. That’s why Mozilla blocked it.
In the last 2 months, and especially after “patch tuesday” of last, I’ve seen about 7 silent installs from MS on pc’s. I spent this last entire weekend repairing the damages for several people.
And, BTW, this was installed in Thunderbird, as well. So, some might just suspect MS was attempting to setup Mozilla, in light of their success against the mighty Redmond.