Hi FwF,
This was the previous one, that was fixed with the latest update to version 2.0.0.12. This one that is of a much more general nature, goes beyond plug-ins and extensions or jar or flat plug-ins right into the heart of Firefox, much more dangerous and attacking Firefox by default, so the browser is vulnerable. The leak was published just a couple of hours after the latest version had been launched, that patched the less serious hole you mentioned. The new hole makes it possible for attackers to steal confidential information. The standard open source browser Firefox is now vulnerable, extensions installed or not.
An attacker can open local files inside the Mozilla directory and read out all browser settings. "Funny but rather sad really, because Firefox 2.0.0.12 has just been launched, to find itself broken again.
The Dutch security researcher R. Van den Heetkamp accuses Mozilla not doing a full job. "I accused Mozilla before, not half of all the holes are being patched, they should take the time to really go to the core of the problem." The researcher advises Firefox users to use another browser or install the NoScript plugin as I mentioned in the previous posting.
polonus