Trend Micro reported that senior threat researcher Joseph Reyes spotted several malicious script files that exploited vulnerabilities in both browsers. It detailed them as JS_DIREKTSHO.B that exploits a vulnerability in Microsoft Video Streaming ActiveX control to download other possibly malicious files.
Meanwhile JS_FOXFIR.A accesses a website to download JS_SHELLCODE.BV that exploits a vulnerability in Firefox 3.5 to download WORM_KILLAV.AKN.
Trend Micro reported that initial analysis performed by threat analyst Jessa De La Torre shows that the scripts above may be unknowingly downloaded through either Firefox or Internet Explorer.
Mozilla claimed that a Firefox user suffered a crash that developers determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, the just-in-time compiler could get into a corrupt state. This could then be exploited by an attacker to run arbitrary code.
Meanwhile Microsoft has said that it is aware of attacks attempting to exploit the said vulnerabilities. It has advised customers to prevent the Office Web Components from running either manually or automatically using the solution found in Microsoft Knowledge Base Article 973472.
Symantec recommended maintaining an up-to-date browser and operating system, making sure your web browser and other applications are fully patched and ensuring that your anti-virus and firewall software are running and up-to-date with the latest definitions sets.