Exploit code for a “highly critical” vulnerability in Mozilla Firefox has been released on the Internet, putting millions of Web surfers at risk of remote code execution attacks.
The vulnerability is currently unpatched, according to an advisory from Secunia.
The vulnerability is caused due to an error when processing JavaScript code handling e.g. “font” HTML tags and can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitrary code.
It has been confirmed in Firefox version 3.5 but other versions may also be affected, Secunia said.
If you use Firefox, it’s important to immediately disable JavaScript within the browser until Mozilla’s security engineers can ship a fix.