Mozilla is working on a fix for a "highly critical" vulnerability in is Firefox browser.
The vulnerability, which puts users at risk of remote code execution attacks, affects Firefox 3.5, but other versions may also be at risk.
Mozilla said an attacker can exploit the vulnerability by luring Firefox users to a malicious web page containing the exploit code.
"Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Additionally, exploit code is publicly available for this vulnerability," US-CERT warned.
Proof-of-concept exploit code was posted on Milw0rm.com, an exploit code aggregation site.