Secunia Advisory: SA15292 Print Advisory
Release Date: 2005-05-08
Last Update: 2005-05-09

Critical:
Extremely critical
Impact: Cross Site Scripting
System access
Where: From remote
Solution Status: Unpatched

Software: Mozilla Firefox 1.x

Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

Description:
Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

http://secunia.com/advisories/15292/

Meh. When most people are running Windows XP it's safe to assume that security isn't exactly paramount.

Does FF 1.0.4 fix this anyways? That's what I'm running. Didn't notice a change-log.

Not sure, but I think version 1.0+ (http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/firefox-1.0+.en-US.win32.installer.exe) has a better chance for a fix. 1.0.4 is like four days older.

Personally I just disable the option that allows website to install software. Good fix for now.