Mozilla's Firefox browser, the latest discovery of two serious security vulnerabilities, can be used to launch cross-site scripting attacks and the invasion of user's system.
Security company Secunia has labeled these two flaws "extremely critical" (very serious) level. Exploit code is said to have been spread on the Internet madness. The first vulnerability allows Firefox history list in the URL instead of IFRAME avascript URLs, so that the browser during the session with a malicious Web site can execute HTML and script code. Another flaw is when the Mozilla Firefox web site updates, the code sent to the install function, the operation can not be correctly identified before.
Secunia said that the affected Firefox version 1.0.3, but does not rule out the possibility of other versions. Secunia recommends that users disable avascript, and close the line to install the software functionality. In addition, Mozilla has issued a temporary update site solution to prevent malicious code attacks the joint use of the loophole.