The open source browser would normally restrict the level of access given to such code, but when the code is delivered through Internet Explorer the restrictions are not in place.
An attacker could simply attach the malicious code to a URL instructing Internet Explorer to launch Firefox and run the exploit.
A similar flaw was later found to exist in AIM instant messaging clients. The researchers who discovered the AIM flaw suggested that both vulnerabilities are down to the way the Uniform Resource Identifiers are handled.
Mozilla stressed that the fix will only prevent the Firefox end of the attack. Microsoft said that it is investigating the Internet Explorer reports.
Along with the cross-browser vulnerability, two further critical flaws were addressed in the Firefox update.
The first allowed attackers to execute arbitrary code by way of what Mozilla categorises as "an unspecified element outside a document".
The update also includes fixes for a pair of cross-site scripting vulnerabilities and a flaw that could allow an attacker to access a user's web cache.
The update is available through the Firefox website or through the browser's automatic update feature.
RTX 280 Ti will come with 11GB of fast GDDR6 video RAM with a 352-bit memory bus offering 616Gbps
The scale of jobs lost to automation will be at least as large as those in the first three industrial revolutions
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC