A day after the official release of Mozilla’s Firefox 3, an unnamed researcher has sold a critical code execution vulnerability that puts millions of Firefox 3.0 users at risk of PC takeover attacks.

According to a note from TippingPoint’s Zero Day Initiative (ZDI), a company that buys exclusive rights to software vulnerability data, the Firefox 3.0 bug also affects earlier versions of Firefox 2.0x.

Mozilla’s security team is keeping the details under wraps until it releases a patch. The vulnerability is considered high severity.

Successful exploitation of this vulnerability would allow an attacker to execute arbitrary code, permitting the attacker to completely take over the vulnerable process.

However, I would not be too concerned, as this vulnerability requires interaction from a user, such as clicking on a link in an email or inadvertently visiting a malicious web page.

Until a fix is available, users should practice safe browsing habits and avoid clicking on strange links that arrive via e-mail or IM messages.