It's funny how every time someone writes a "sky is falling" Firefox article, Java finds itself as the culprit but escapes the headlines every time.
For the fourth time in three months, major security flaws in the upstart Firefox Web browser have pushed volunteers at the Mozilla Foundation into damage-control mode.
The open-source group late Sunday rushed out a partial fix for a pair of "extremely critical" Firefox vulnerabilities after zero-day exploit code leaked onto the Internet and promised a comprehensive patch would be available soon.
Mozilla's public acknowledgement of the vulnerabilities includes a chilling warning that an attacker could combine the flaws to execute malicious code without user interaction.
The vulnerabilities have been confirmed in Firefox 1.0.3. The Mozilla Suite is only "partially vulnerable" to the bugs, according to the Foundation.
Firefox users are urged to disable JavaScript immediately as a temporary workaround. Additionally, Mozilla recommends that the browser's software installation feature be disabled. This can be done by unchecking the "Allow web sites to install software" box, which can be found by selecting Options on the Tools menu and then Web Features.