Yesterday, we reported a highly critical Javascript vulnerability in Firefox 3.5. Well, today, Information Week is pointing out that code exploiting this vulnerability is already circulating on websites that publish such code. In addition, Metasploit, a hacker tool, has released a module related to this vulnerability.
If you use Firefox 3.5, and haven’t already done so, we recommend that you read this post on the Mozilla Security Blog explaining how to deactivate Javascript, until a fix is provided for Firefox. It is now relatively easy to trap users who visit malicious web pages, since code is widely available.
