Hoax or not, it’s a reminder that even Firefox is simply a browser. Should people try hard enough, there is always a method to hit a machine with something nasty

A public claim by hackers that Mozilla’s Firefox browser is vulnerable to multiple code execution vulnerabilities may be an overblown hoax.

On the heels of a ToorCon presentation where two security researchers—Mischa Spiegelmock and Andrew Wbeelsoi—warned that Firefox’s implementation of JavaScript was badly flawed and could allow PC takeover attacks, Mozilla’s engineers say the risk is limited to a denial-of-service issue.
Spiegelmock, a developer at Six Apart, a blog software company in San Francisco, now says the ToorCon talk was meant “to be humorous” and insists the code presented at the conference cannot result in code execution.
Spiegelmock’s strange about-face comes as Mozilla’s security response team is racing to piece together information from the ToorCon talk to figure out how to fix the issue…. Source: eWeek