The Mozilla Foundation has repaired a browser bug first revealed last Friday.
Mozilla developers have posted a software patch and instructions for a workaround, both of which secure the flaw.
The vulnerability revolves around the International Domain Name (IDN) feature that Mozilla products use to process Web pages that do not use Latin Alphabet characters in their names.
Links pointing to a host with a long name composed entirely of dashes can be crafted so that Firefox will execute arbitrary code of an attacker's choosing, meaning that an attacker theoretically could use the flaw to take control of a user's machine.
No code that actually exploits this vulnerability has yet been seen, but all versions of Mozilla Firefox and the Mozilla Suite are affected, according to the Mozilla team.
"It's something we take seriously because it could be used for bad things," said Mike Schroepfer, director of engineering with the Mozilla Foundation.
Because both the patch and the workaround simply disable IDN, users who require the feature to visit international Web sites should stick to visiting sites they know and trust until the problem is actually repaired in the browser, Schroepfer said.
When that will happen remains unknown. "We're determining that now," he said.