A Russian security researcher has released attack code for a critical vulnerability in Firefox.

"The exploit -- which allows attackers to remotely execute malicious code on end user PCs -- triggers a heap corruption vulnerability in the popular open-source browser, said Evgeny Legerov, founder of Moscow-based Intevydis," writes The Register's Dan Goodin. "He recently added it as a module to Vulndisco, an add-on to the Immunity Canvas automated exploitation system sold to security professionals."

"While the exploit is currently available only to those who pay a hefty licensing fee, wider circulation can't be far behind," Goodin writes.

Click here to read the article at The Register.