Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability
Mozilla Firefox is prone to a remote code-execution vulnerability.
Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.
The issue affects Firefox 3.5; other versions may also be vulnerable.
NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A crash was observed in Firefox 3.5 on Windows XP SP3.
UPDATE (July 15, 2009): Remote code execution is also possible in Firefox 3.5 running on Apple Mac OS X.