Security Watch: Vulnerabilities Everywhere and Secret Patches
A bug in Firefox 1,5.0.2, the current patched-up version, allows remote code execution, but only through some user cooperation. The Firefox development team is working on a patch.
The problem happens when non-image content is presented in an IMG tag. It will appear to the user as a broken image link. If the user right-clicks and chooses the View Image option, the file will be downloaded and, if the type is in the Firefox bypass list, executed.
Πηγή:
http://www.pcmag.com