MapleCity Blog

Trust No One Security Mentality

February 10th, 2008

Just three days ago, on February 7th, Firefox 2.0.0.12 was released. The bad news is that if you downloaded this version you were immediately vulnerable to a directory traversal trick via the view-source mechanism. The good news is that you can protect yourself from this vulnerability by disabling scripting in Firefox. There are a couple of ways to disable scripting.

  1. You can manually disable scripting for sites you don’t trust. These instructions are written for the PC; on a Mac the Firefox options are identical, the only difference being that you click “Firefox” in the menu to get to the options. In the menu, click “Tools” -> “Options” to open the options dialog box. The dialog box has 7 option categories; click the category labeled “Content”. In the first block of options under the Content category you’ll see a check box labeled JavaScript. To disable scripting, de-select the JavaScript check box and click “OK” to save your changes. Scripting will now be disabled in Firefox. (Important note: all sites that require JavaScript, even those that are trusted, will now be broken unless you re-enable JavaScript in the options dialog box.)
  2. The other option for disabling scripting is to install a 3rd-party plug-in. I’ve been using a plug-in called “NoScript”. NoScript makes it simple to manage scripting settings in Firefox because you can give permission to run scripts to specific web sites that you know are safe. This is very similar to Internet Explorer’s security zones feature.
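
To confirm that the check box change from option 1 actually took effect on a machine, you can read the setting back from the Firefox profile. The script below is an added example, not part of the original post; it assumes the check box is stored as the `javascript.enabled` preference in the profile's `prefs.js`, optionally overridden by a `user.js` file, and the sample file contents are constructed.

```python
import re
from pathlib import Path

# Matches one preference line as Firefox writes it, e.g.
#   user_pref("javascript.enabled", false);
# Commented-out lines (// ...) and the file header do not match.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def read_prefs(text):
    """Return {name: raw_value} for every user_pref line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def javascript_enabled(prefs_js="", user_js=""):
    """Effective state of javascript.enabled for one profile.

    user.js is applied over prefs.js at startup, so it takes precedence.
    Firefox only writes prefs that differ from the default, so a missing
    entry means the default applies: JavaScript is on.
    """
    merged = read_prefs(prefs_js)
    merged.update(read_prefs(user_js))
    return merged.get("javascript.enabled", "true").lower() != "false"

def audit_profile(profile_dir):
    """Read prefs.js and user.js from a profile directory, if present."""
    texts = []
    for name in ("prefs.js", "user.js"):
        path = Path(profile_dir) / name
        texts.append(path.read_text(encoding="utf-8", errors="replace")
                     if path.is_file() else "")
    return javascript_enabled(*texts)

# Constructed sample contents, not taken from a real profile.
SAMPLE_DISABLED = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("javascript.enabled", false);
'''
SAMPLE_DEFAULT = 'user_pref("browser.startup.homepage", "about:blank");\n'

if __name__ == "__main__":
    import sys
    for profile in sys.argv[1:]:  # pass one or more profile directories
        state = "ENABLED" if audit_profile(profile) else "disabled"
        print(f"{profile}: JavaScript {state}")
```

A profile with no `javascript.enabled` line is reported as enabled, since that is what an untouched installation looks like.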

Mozilla will no doubt release a patch soon, but it’s important to remember that as the web becomes more sophisticated and new web applications emerge, so do security vulnerabilities. Most browser vulnerabilities stem from some form of scripting, and it is wise to adopt the Trust No One mentality.
