Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned. The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system. A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript.
In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts. The flaws were confidentially reported to the Foundation on 2 May, but by Saturday details had been leaked and were reported by several security organisations, including the French Security Incident Response Team (FrSIRT).