A vulnerability in Firefox 2 announced this week could allow remote command execution. Only Window versions prior to Vista (XP ->) are affected.
This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer. The site xs-sniper.com shows examples of how to do this.
The vulnerability was first made known by Thor Larholm. However he believes the problem is related to Internet Explorer as it doesn’t escape the “ sign when passing data through to the command line.
Do not browse untrusted sites and disable the “Firefox URL” URI handler OR install the Firefox extension NoScript.