A bug that allows hackers to inject JavaScript code in link tags supporting “favicons” and a Mozilla-specific flaw which allows the execution of arbitrary code remotely via the Firefox side bar both pose a severe risk after they were recently coded up in script-kiddie friendly exploits. A third critical security bug – affecting versions of the browsers prior to Firefox 1.0.3 and Mozilla 1.7.7 – involves privilege escalation via DOM (Document Object Model) property overrides.
Link: The Register
