Update – October 28 – late in the day on October 27, a patch was released for the zero day Firefox vulnerability. Please do a check for updates for firefox.
A vulnerability has been identified in Firefox and it is currently being exploited. There is no patch currently available
Vulnerability in Mozilla Firefox Could Allow Remote Code Execution
An vulnerability has been discovered for Mozilla Firefox that could allow attackers to execute arbitrary code on affected systems. Mozilla Firefox is a web browser used to access the Internet. Exploitation can occur if a user visits a webpage designed to take advantage of this vulnerability. Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition.
It should be noted that there is no patch available for this vulnerability at this time and reports indicate that this vulnerability is currently being used to spread malware over the Internet.
* Mozilla Firefox 3.5.x
* Mozilla Firefox 3.6.x