The exploit works by fooling the browser into thinking a software has arrived from a White-listed site.
"We understand that a change made to Mozilla Update has made the vulnerability effectively unexploitable if you only have update.mozilla.org and addons.mozilla.org in your software installation whitelist (accessible from the Web Features or Content panel in the Options/Preferences window), which is the default setting," said a Mozilla spokesperson on the company's website.
If compromised a hacker could pass malicious Java Script and run arbitrary code on a user's system.
A Firefox update to correct the flaw is expected shortly. In April SC reported Firefox passed 50 million downloads. Many of which are a result of people migrating from Microsoft's Internet Explorer in the understanding Mozilla's browser will have less vulnerabilities. But some security experts have suggested that Firefox's newfound popularity will make it a target for hackers.
Firefox's other rival, the Opera browser, has also been having a good time of late. Last week SC reported two million users had downloaded its version 8.