Two vulnerabilities in the popular Firefox browser have been rated “extremely critical” because exploit code is now available to take advantage of them. The cross-site scripting and remote system access flaws were discovered in Firefox version 1.0.3, but other versions may also be affected, said security company Secunia, which issued the ratings Sunday. One flaw involves “IFRAME” JavaScript URLs, which are not properly protected from being executed in the context of another URL in the history list. A second vulnerability exists in the IconURL parameter in InstallTrigger.install(). Information passed to this parameter is not properly verified before it’s used, allowing an attacker to gain user privileges. This flaw could allow an attacker to gain and escalate user privileges on a system.

You can disable JavaScript as a workaround for now, but when a patch is released, I guess I would need to reinstall this all over again. *sigh*. And everyone says (including me) that this is more secure than IE. You can read the details here.

Update: You can get more information about the bug and the workaround from Mozilla here.