Doesn't actually surprise me. I knew there was going to be something found sooner or later.

Still that's one critical bug vs how many in IE?

Javascript and frames always seem to have some kind of problem in IE and firefox. Makes me wonder how difficult it really is to patch the problem and why.

Now the exploit at hand looks like firefox allows a maliciously coded page to give the user the impression he/she is downloading software from a trusted site (update.mozilla.org and addons.mozilla.org are trusted by default according to the article).

Just like with the IE flaws I think it comes down to getting your security settings setup correctly so these type of flaws don't have as much impact.