From the "did you guess that?" files:
I personally to date have not seen a weaponized version of this attack (though it doesn't on the surface sound to be to difficult to build). Kudos to Mozilla for admitting they made an error here though - and more importantly for fixing it so quickly.
Now Firefox 2.x can finally be put to rest.