The trojan attack on visitors to the Nobel Peace Prize web site reported on Tuesday, exploited a previously unknown vulnerability in Firefox. No detailed information on the vulnerability is available at present, with access to the Bugzilla entry restricted to registered developers only.
It is fairly rare for attackers to exploit unknown vulnerabilities in Firefox. A zero day exploit for Firefox did crop up in the middle of last year, but at the time it was not being actively exploited for attacks.

The Mozilla Foundation has confirmed the existence of the vulnerability in versions 3.6 and 3.5 and classed it as critical. Mozilla is working on a patch, but until this is ready Mozilla advise users to deactivate JavaScript or to use the NoScript plug-in.

The link for this article located at H Security is no longer available.