[ZeroGravitas]

Microsoft hasn't chosen this approach in IE9.

They originally were going to only use H.264, and only provide IE9 on operating systems where they themselves had provided the H.264 codec (Vista & 7).

They've since committed to supporting a user install of WebM but I've seen no technical details of how this will pan out e.g. what if you install more than one WebM codec from different sources? They have been clear that no other codecs (e.g. DivX, WMV, Dirac, Theora) will be picked up regardless of built in support or user installation.

As you rightly note Mozilla, particularly on XP which makes up about 60% of their user base, would be relying on god knows what kinds of codec packs that users have acquired over time, a known malware vector and so bundle their own codecs.

[recoiledsnake]

How can Firefox using the "known malware vectors" make things any worse if they're already installed on the user's system?

[ZeroGravitas]

The "vectors" aren't installed, vectors are the way that they get installed. Training people to install codec packs when prompted in order to see a video is considered risky, since the next time they see a similar message it's likely to be someone up to no good.