According to ZDNet yesterday:
“The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.
An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer’s Mac OS X and Linux, they said.”
The full story can be found here and it looks as though the NoScript add-on can help mitigate the effects of the exploit (not a patch…just a workaround).