New FireFox Exploit


pop pop
05-08-2005, 04:02 PM
Maybe not so new, based on information in the article. In any case, it's rated critical--or will be. Depending on one of your default settings (sites with install privileges), you may or may not be immediately at risk. One more thing to note: this exploit can affect FireFox running under other OSes.

http://www.whitedust.net/newsview.php?NewsID=450

PrntRhd
05-08-2005, 04:14 PM
I just read about the problem Secunia just posted regarding the FF cross-site scripting vulnerability:
http://secunia.com/advisories/15292/

It will be patched in a reasonably short time, but NO BROWSER IS INVULNERABLE.

Paleo Pete
05-09-2005, 12:36 AM
Hmmm...in the Firefox settings is a box to "Allow websites to install software". I'm glad I always make sure that option is UNCHECKED, so maybe this kind of thing won't get anywhere...

The first article made a good point,

-quote-
Firefox's increased market share is apparently now proving, as many speculated it would, to be a double edged sword, also lending weight to the argument that up until recently other browsing software (including Firefox) deemed "more secure than MSIE" has simply been benefiting from the somewhat dubious laws of "security through obscurity".

I think this has been pointed out here on the forums as well in our various discussions about security related issues, and it seems now some of the other more secure browsers are going to start having some problems of their own. I still think Firefox and other alternate browsers are inherently more secure than IE since they don't use ActiveX and are not essentially part of the OS. "Security through obscurity" may be at least partially true, and I think it is, but it's not the whole picture. I think IE will always be a malware magnet until M$ decides to finally pull the plug on some of the "features" that should have been disabled long ago - especially ActiveX - as soon as they found out it was being used to install viruses. That was IE4 by the way, which was what...7 or 8 years ago?
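
A way to check that setting from outside the browser, as an added example that is not part of this thread and not Mozilla's own tooling: the script below audits a Firefox 1.0.x profile directory for the "Allow web sites to install software" checkbox and the per-site install whitelist that the first post calls "sites with install privileges". It assumes (all three are assumptions, not facts stated in the thread) that the checkbox is the pref xpinstall.enabled in prefs.js, that xpinstall.whitelist.required decides whether the whitelist is consulted at all, and that the whitelist is stored in hostperm.1 as tab-separated "host install 1 hostname" lines. The three sample profiles it writes to a temp directory, including the two whitelisted hostnames, are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread or from Mozilla.
# Audits a Firefox 1.0.x profile directory for the "Allow web sites to
# install software" setting and the per-site install whitelist.
#
# Assumptions (labelled as such): the checkbox is the pref xpinstall.enabled,
# which defaults to true and therefore only shows up in prefs.js once the user
# unchecks it; xpinstall.whitelist.required (default true) decides whether the
# whitelist is consulted at all; the whitelist lives in hostperm.1 as
# tab-separated "host<TAB>install<TAB>1<TAB>hostname" lines.

# "disabled" if prefs.js explicitly turns XPInstall off, otherwise "enabled".
xpinstall_state() {
    if [ -f "$1" ] && grep -q '^user_pref("xpinstall.enabled", *false);' "$1"; then
        echo disabled
    else
        echo enabled
    fi
}

# "no" if the profile lets any site install (whitelist check switched off), else "yes".
whitelist_required() {
    if [ -f "$1" ] && grep -q '^user_pref("xpinstall.whitelist.required", *false);' "$1"; then
        echo no
    else
        echo yes
    fi
}

# Hosts granted install permission in hostperm.1, one per line (nothing if absent).
install_whitelist() {
    [ -f "$1" ] || return 0
    awk -F'\t' '$1 == "host" && $2 == "install" && $3 == "1" { print $4 }' "$1"
}

# Verdict for a profile directory: "ok" when no site can trigger an install,
# "at-risk" when XPInstall is on and the whitelist is either bypassed or non-empty.
profile_verdict() {
    dir="$1"
    if [ "$(xpinstall_state "$dir/prefs.js")" = disabled ]; then
        echo ok
    elif [ "$(whitelist_required "$dir/prefs.js")" = no ]; then
        echo at-risk
    elif [ -n "$(install_whitelist "$dir/hostperm.1")" ]; then
        echo at-risk
    else
        echo ok
    fi
}

# Constructed sample profiles for the demo (written to a temp dir, not real data).
DEMO=$(mktemp -d)
mkdir -p "$DEMO/default" "$DEMO/hardened" "$DEMO/open"
# "default": checkbox untouched, two whitelisted hosts (sample entries).
printf 'user_pref("browser.startup.homepage", "about:blank");\n' > "$DEMO/default/prefs.js"
printf 'host\tinstall\t1\tupdate.mozilla.org\nhost\tinstall\t1\taddons.mozilla.org\n' \
    > "$DEMO/default/hostperm.1"
# "hardened": checkbox unchecked, whitelist left as-is (irrelevant once XPInstall is off).
printf 'user_pref("xpinstall.enabled", false);\n' > "$DEMO/hardened/prefs.js"
cp "$DEMO/default/hostperm.1" "$DEMO/hardened/hostperm.1"
# "open": XPInstall on and the whitelist requirement switched off, no hostperm.1 at all.
printf 'user_pref("xpinstall.whitelist.required", false);\n' > "$DEMO/open/prefs.js"

for p in default hardened open; do
    printf '%-9s xpinstall=%s whitelist_required=%s hosts=[%s] -> %s\n' "$p" \
        "$(xpinstall_state "$DEMO/$p/prefs.js")" \
        "$(whitelist_required "$DEMO/$p/prefs.js")" \
        "$(install_whitelist "$DEMO/$p/hostperm.1" | tr '\n' ' ')" \
        "$(profile_verdict "$DEMO/$p")"
done
```

To audit a real install, point profile_verdict at the directory that holds prefs.js. Note the asymmetry the script relies on: unchecking the box writes the pref explicitly, so a missing xpinstall.enabled line has to be read as the default, enabled, and the profile then stands or falls on the whitelist.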

classicsoftware
05-09-2005, 05:12 AM
While this is technically possible, there are NO actual reports of this in the wild. Unlike the MS problems (which are real), this is only a potential problem.

Paleo Pete
05-09-2005, 08:25 AM
Glad you pointed that out, this report relates to a "proof of concept", which means one of the security organizations [usually] has spotted a problem and developed a way to prove to the software companies that it can be done. It's not actually an "in the wild exploit", just a potential problem that has been spotted and reported, but we should be prepared to see it become a reality, and be ready for more.

As Firefox gains ground I'd almost bet it will become an active target, same as IE now is; ditto for Linux. This I think may have caught Firefox and other browsers as "passive" targets - they were sitting there in the line of fire - but I don't think it will be all that long before alternative software will be targeted the same as M$ is; the malware writers out there aren't going to stop just because someone besides M$ is getting a bit of attention. As Linux and Firefox both gain popularity I think they will also be increasingly targeted by writers of viruses, spyware, trojans, rootkits and browser hijackers. If that's not done intentionally, it will become a fact by association...Casual onlookers at the back of the crowd in a riot get a dose of teargas too...the same thing will happen with alternative software, and as it gets more and more popular I expect it to be specifically targeted.

pop pop
05-09-2005, 10:04 AM
I agree, Pete. The words "security through obscurity" describe the current situation well--FireFox and Linux design benefits notwithstanding. The attacks on the "alternative" user base may not have increased to even one yet, but as I said before, a larger user base equals more targets of opportunity. If (or as) the FireFox (and Linux) user base grows, chances are it's just a matter of time before we do see reports of a vulnerability moving from the potential to the real, with casualties.

PrntRhd
05-10-2005, 11:07 PM
I ran into this explanation of both issues:
http://www.mozillazine.org/talkback.html?article=6590

I hope the problem will be fixed soon, but I will agree with classicsoftware that it is just a potential problem at the current time.