The not profit Mozilla Foundation, which administers the open source Firefox web browser has patched a critical hole that could enable Microsoft's Internet Explorer to infect users' computers with malware by launching a Firefox session from a malicious website. However, Microsoft has yet to issue a fix for the bug which still exposes IE users to malware if they visit a bad website.
According to Mozilla Foundation Security Advisory 2007-23 , "the vulnerability is exposed when a user browses to a malicious web page in Internet Explorer and clicks on a specially crafted link. That link causes Internet Explorer to invoke another Windows program via the command line and then pass that program the URL from the malicious webpage without escaping the quotes. Firefox and Thunderbird are among those which can be launched, and both support a "-chrome" option that could be used to run malware."