Secunia are reporting a CRITICAL bug in Firefox 3.5 (older can be affected) that enables code execution on the cliant. This means that you can surf to a website and if they are evil they can install virus, trojans or other scary programs.
The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.
Solution:
Set "javascript.options.jit.content" to "false" by opening about:config.
Do not browse untrusted websites or follow untrusted links.
Original Advisory:
SBerry:
http://milw0rm.com/exploits/9137
Mozilla:
http://blog.mozilla.com/security/2009...vascript-vulnerability-in-firefox-35/
