They didn't modify FF. FF includes a way to use plugins. They just put a plugin in a specified place. They didn't really change anything about other programs.
I'm not talking about tehnical aspects here. Firefox had no known security holes before the update. They clearly modified it in some way. How they did it is irrelevant. They should be liable, whether they modified FF direcly or indirectly via plugins etc. What they did fits the definition of malware to the letter: http://en.wikipedia.org/wiki/Malware
(Oh, and for the record, I'm not a anti-MS zealot, it's just kinda scary to think about the power MS has, to push updates to HUNDERDS of millions of PC. I think with that power should also come great responsability)
