Firefox users have been warned that they could be hit with malware, after Mozilla confirmed that a new zero-day exploit is being used by cyber criminals.

The latest critical vulnerability is believed to affect version 3.5 and 3.6 of the Firefox browser, and has already provided opportunity to malware makers.

According to Graham Cluley's Sophos blog, the Nobel Peace Prize website is one of the most notable victims of the problem – and has been propagating a Trojan.

Trojan

"Security firm Norman reported that the Nobel Peace Prize website was distributing a Trojan horse via the exploit yesterday, although it's obviously possible that other websites may also be serving up the vulnerability in an attempt to infect visiting users," said Cluley.

"Mozilla says it is working on a fix, but in the meantime Firefox users might be wise to turn JavaScript off and use the popular NoScript addon."

Mozilla has confirmed that it is hard at work on a solution to what will be an embarrassing and potentially damaging threat.

Aware of it

"Mozilla is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6 users. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild," said Mozilla

"Users who visited an infected site could have been affected by the malware through the vulnerability…the exploit code could still be live on other websites.

"We have diagnosed the issue and are currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested."