An unpatched memory corruption flaw in the latest version of Firefox creates a means for hackers to drop malware onto vulnerable systems.
Older versions of the popular alternative browser might also be affected, Secunia warns.
Exploit code has been uploaded onto recently revived security exploit website milw0rm, a factor that could hasten the development of more attack code.
Secunia advises Firefox users to avoid browsing untrusted websites or following untrusted links pending the availability of a fix from Mozilla (there's nothing in the pipeline just yet).
Not a good week for browsers... Firefox/3.5 with one vulnerability, SeaMonkey/1.1.17 with one still not updated after several weeks, and MSIE8 with two -- one patched today, but another still outstanding.
For those who often end up on questionable sites while reviewing backlinks, etc., it'd be a good week to test-drive Chrome, Opera, or Apple Safari if disabling JS is not an option for your testing.