A vulnerability in the way Firefox handles CSS allows an attacker to take advantage of an integer overflow and execute arbitrary code. In order for the attack to be successful a user must browse to a malicious site. The advisory is available here.
This critical vulnerability was reported to Mozilla before details were available publicly. By keeping the details of the issue private until the issue was patched, TippingPoint and Mozilla were able to keep the risk to users minimal.
This issue is patched in Firefox 3.0.1 and 18.104.22.168 which are now available. Users will be prompted to install the update through the automatic update feature. If you would like to update now, select “Check for Updates” from the Help menu.
An anonymous reporter found this vulnerability and reported it to TippingPoint. TippingPoint reported it to Mozilla.