According to an article on V3.co.uk
The flaw – for which there is no patch yet available – is the subject of at least one confirmed working exploit available on the web, making it easier for ne'er-do-wells to craft their own version and attack hapless web browsing users.
While the Foundation is working on a patch, an advisory
option in the browser's about:config
Alternatively, Firefox users could install the NoScript
The Firefox development team at Mozilla are said to be “working on a fix for this issue
” which will be sent out to users as an automated Firefox Security Update as soon as testing is complete.
Any Firefox 3.0 users glad they didn't make the upgrade, or are you sniggering while patting your Opera or Internet Explorer install? Should the Mozilla Foundation be doing more to publicise this issue, which it rates as “critical
?” Share your thoughts over in the forums