I'm not fully up to speed on this problem yet, and I'll post more as soon as I know, but I've read several descriptions now of a flaw in Apple's QuickTime and how it interacts with Java that could be exploited to compromise Firefox, Safari, and IE 6 and 7 users (and possibly others).
It sounds like you can protect yourself by disabling Java. In Firefox you can accomplish this by going into the Firefox Preferences/Options and unchecking the "Enable Java" item in the Content panel.
Like I said, I'm still getting up to speed on this and all of the details don't yet seem available, but this looks like it is clearly a flaw in Apple's QuickTime so I presume disabling or removing QuickTime would also solve the problem.
More as I learn it.
update From NIST.org, (not the US Government's NIST,)
The Quicktime bug seems to be passed to it by a Java capable web browser using the Quicktime for Java interface (QT4J). Any web browser that supports Java will become a vulnerability vector if Quicktime is installed. If Java support is disabled in the browser it can no longer be used for an attack.
So, if you're using a browser that has both Java and Quicktime, now would probably be a good time to disable or remove those plugins.
update2: Joris, over at cNet is reporting mostly the same information but it's a confirmation from TippingPoint that this is indeed an Apple flaw, in QuickTime, that can be exploited on Mac or Windows. The TippingPoint spokesperson said, "We have now verified that this issue affects both Windows and Mac operating systems, including Windows Vista through Internet Explorer."
