This has just been posted to Bugtraq.
For now you can test if your version is vulnerable, here. (will cause Firefox to close)
So far Firefox 220.127.116.11 and 2.0 (Linux) have been tested, and both vulnerable. Firefox 1.0.7 (Win32), not vulnerable.
The code used on the test page and the one submitted to Bugtraq can be found here.
Severity: … not really
Update: This attack does not allow remote code execution! It has been posted on the mailing lists and several news sites.
Recent in Exploits/Vulnerabilities:
- Target CIO Beth Jacob Resigns After Huge Breach
- 2 Different Hacker Groups Exploit The Same IE 0-Day
- Researchers Crack 4096-bit RSA Encryption With a Microphone
- MS and the new IE vulnerability – Object Tag
- Mozilla Denies Firefox 3.5 Bug Is Exploitable
- Microsoft Breaks Patch Cycle to Issue IE Patch
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 224,582 views
- AJAX: Is your application secure enough? - 118,893 views
- eEye Launches 0-Day Exploit Tracker - 84,984 views