An active Firefox exploit

Mozilla has posted awarning about a Firefox vulnerability that is currently being activelyexploited on the net. "The vulnerability comes from the interactionof the mechanism that enforces JavaScript context separation (the 'sameorigin policy') and Firefox's PDF Viewer. Mozilla products that don'tcontain the PDF Viewer, such as Firefox for Android, are notvulnerable. The vulnerability does not enable the execution of arbitrarycode but the exploit was able to inject a JavaScript payload into the localfile context. This allowed it to search for and upload potentiallysensitive local files." There is asecurity update for the problem.