Mozilla is working on a fix for a "highly critical"
vulnerability in is Firefox browser.
The vulnerability, which puts users at risk of remote code
execution attacks, affects Firefox 3.5, but other versions may also
be at risk.
Mozilla said an attacker can exploit the vulnerability by luring
Firefox users to a malicious web page containing the exploit
code.
The security hole is due to an error in the way JavaScript code
is processed, according to the
US Computer Emergency Readiness Team (US-CERT).
"Exploitation of this vulnerability may allow an attacker to
execute arbitrary code. Additionally, exploit code is publicly
available for this vulnerability," US-CERT warned.
Proof-of-concept exploit code was posted on
Milw0rm.com, an
exploit code aggregation site.
US-CERT said Firefox users should disable JavaScript. The
organisation has also
posted instructions on other ways of mitigating the risk until
a fix is released.