Mozilla announced in their security blog post that a critical vulnerability exists in Firefox 3.5 and Firefox 3.6 versions which drops a Trojan silently when you visit affected site,Norman security vendor first spotted this vulnerability live on Nobel Peace Prize site on Tuesday.Firefox’s malware protection currently blocking this site.Mozilla confirms that this vulnerability doesn’t affect Firefox 4.0 users.

If user visits that site, a Trojan downloads silently into user’s Computer and this Trojan attempts to connect to two internet addresses in Taiwan, if the connection is successful attacker can access user’s computer.

Mozilla is developing a patch for this will be rolled to all Firefox 3.5 and 3.6 users as patch is tested and when ready.Meanwhile Mozilla suggest users to disable JavaScript or recommends to use NoScript add-on in Firefox.

disable JavaScript in Firefox to protect from critical vulnerability

To disable JavaScript in Firefox Tools>Options>Content and uncheck for “Enable JavaScript “ and click Ok to save changes.