The following article is reprinted from the
Security Alert blog at
according to Secunia, which tracks security vulnerabilities.
Sample exploit code is already available online, so while there aren’t yet any reports of active attacks against this new flaw, there soon could be. Such an assault would likely take the form of a poisoned Web page that uses behind-the-scenes attack code to trigger the flaw.
Brian Krebs’ post for instructions. Firefox 3.0 users who haven’t yet upgraded shouldn’t be vulnerable to this flaw, and won’t find the setting that Krebs describes.