In what universe is it acceptable for vendor A to modify vendor B's software on User C's (i.e. my) computer? To modify it at all, let alone with security-impacting ramifications?
Earth to Microsoft: drive-by downloads are among the worst of vulnerabilities. They must be avoided at all costs. And the way to avoid them is not to be more careful when writing and installing unnecessary little browser plug-ins. The way to avoid them is not to install unnecessary little browser plug-ins in the first place. (And if you simply must install unnecessary little browser plug-ins, do it with your own grotty browser, not the non-Microsoft one I installed specifically to avoid all the security concerns of yours.)