Monday, May 16, 2005

Code execution via javascript: IconURL

MFSA 2005-42: Code execution via javascript: IconURL

Changes were made to the default Mozilla Update site to protect users from these attacks shortly after this attack became public. Users who have added other extension or theme sites to the software installation whitelist should remove them until they have upgraded to a fixed version of Firefox.
1. Select the "Options" dialog from the "Tools" menu
2. Select the "Web Features" icon
3. Click the "Allowed Sites" button on the same line as the "Allow web sites to install software" checkbox
4. Click the "Remove All Sites" button
5. Click "OK"

Disabling JavaScript will prevent both attacks.
