A vulnerability has been reported in Firefox which could allow malicious sites to compromise computers running the browser. The security hole, which is rated highly critical by Secunia, affects all versions, including Firefox 1.0.6 and earlier and the just-released beta version of Firefox 1.5. An attack can be created using a specially-crafted URL, which will cause a buffer overflow in Firefox that results in a denial of service and, in some cases, remote code execution.
The flaw was discovered by researcher Tom Ferris of Security Protocols, who found an error in the way Firefox handles URLs (see description here). The vulnerability has been reported to the Mozilla Foundation, which is preparing a fix. There have been 86 million downloads of the Firefox browser, with recent estimates placing its market share at about 9 percent of Internet users.