UPDATE: Blame them both.
That's the latest update from security researchers who initially laid the blame on Microsoft's Internet Explorer for the latest zero-day exploit that also can afflict those using the Firefox Web browser.
Users could face a "highly critical" risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised.
"Firefox is the current attack vector, but Internet Explorer is to blame for not escaping...characters when passing on the input to the command line," said Larholm, in response to a reader's comments. "I agree that Firefox could have registered its URL handler with pure DDE (dynamic data exchange, the protocol for information exchange) instead and thereby have avoided the possibility of a command-line argument injection, but IE should still be able to safely launch external applications."
Firefox and IE together brew up security trouble | Tech news blog - CNET News.com
Some of my normal buttons are missing (dang link button won't work, or I'd post to Jack's post, yeah that's how its supposed to be done, check to see if its been posted before posting.:P) while I create this, but the link above has all the info.