OK - I've re-read this thread and need some clarification:
tried it last night. Didn't work. The apps is trying to install itself on my HDD instead of the U3-compliant flash-drive. (ie. the add-on program is not U3-compliant)
Both
http://windowsupdate.62nds.com and
http://xp-antispy.org will try to write to the windows directory. By design intent, they are trying to patch the OS and modify it's permissions respectively. The windows directory is discovered by querying a variable called %WinDir%. When I re-read your post, you say that Firefox is on the USB stick. If your OS is on the hard drive, then both WindowsUpdate or XP-Anti-spy should be trying to write to the HDD.
I'm a bit ignorant of U3 technology. Just reading about it on
http://www.everythingusb.com/u3.html I've learned that they emulate 2 partitions on the flash - One that looks like a CDROM and one that looks like a HD. I've heard of people putting Linux on a flash stick, but not sure if you've succeeded in getting Windows there. Depending on the image in the CDROM file system, I suppose an OS upgrade might try to write there, which will likely fail as it is read-only (CDROM emulation). As I think about it, Windows is always writing the registry and other stuff there, which might explain why it's very difficult to get Windows running from flash.
Anyway - looks like this is getting very technical and soon will be over my head.