US-CERT is warning today about a new un-patched 0-day Firefox 3.5 vulnerability. According to US-CERT, the vulnerability is due to an
There is proof of concept code for the exploit publicly available now and as such in my opinion this represents an immediate threat to Firefox 3.5 users. To the best of my knowledge this is the first 'critical' flaw publicly reported for the Firefox 3.5 release which came out two ago.
The code that I saw was written by security researcher Simon Berry-Byrne and is officially titled, "Firefox 3.5 Heap Spray Vulnerability. Berry-Byrne in his proof of concept code thanks security research H D Moore, "...for the insight and Metasploit for the payload." Metasploit is an open source security testing framework which can enable an attack to become 'weaponized' for testing and research purposes.
There is a second potential vulnerability that is making the rounds in the security research community involving a DNS leakage in Firefox 3.5.