Microsoft to fix the bug, which cybercrooks had been using since last week. The flaw relates to the way Windows handles animated cursors and could let an attacker commandeer a PC when the user views a malicious Web site or e-mail message.
The vulnerability could be exploited through any Windows application that relies on the operating system to. This includes , which according to some security experts than Internet Explorer 7 because the latest Microsoft browser .
"The vulnerability is caused by a Windows error?it can be exploited through both Firefox and Internet Explorer," Mike Schroepfer, vice president of engineering at Mozilla, said in a statement. "We are investigating issuing a workaround within Firefox in an upcoming security release." Mozilla coordinates Firefox development.
The Firefox workaround could be welcome for those users who, for whatever reason, don't install Microsoft's fix. Some compatibility problems with the Microsoft update have been reported. "Microsoft has issued a patch to fix Windows and we encourage all Windows users to apply this update immediately," Schroepfer said.
Security experts at Determina, which reported the animated cursor flaw to Microsoft, have by exploiting the flaw and how Firefox users are at a higher risk than IE 7 users.