Researchers have discovered two vulnerabilities - rated extremely critical by the security firm Secunia - in the increasingly popular Firefox browser. The unpatched vulnerabilities allow malicious attackers to download and execute arbitrary code, in effect giving the attackers full control of the user's PC. Public exploit code for the vulnerabilities has also been discovered.
Thus far in 2005, researchers at Secunia have issued 12 security advisories due to flaws and exploits in the Firefox browser, compared to 6 advisories for Internet Explorer 6.x. A total of 45 security advisories for Firefox have been issued in the past.
Currently, no patch is available to resolve these latest vulnerabilities in Firefox. Both Mozilla and Secunia recommend disabling Javascript as a temporary workaround until patches are available.
In October 2004, Firefox was one of several browsers found susceptible to tabbed browser vulnerabilities that could cause users to unintentionally divulge sensitive information to unintended recipients, or cause them to download and/or execute content for a site other than they intended. Internet Explorer was not affected.
In April 2005, Mozilla reported that over 50 million users had downloaded the Firefox browser.
