Mozilla recently discovered a security escalation vulnerability in the 3.0.1 version of the popular CoolPreviews add-on.

The vulnerability can be exploited with a specially crafted link, which forces the add-on to execute remote JavaScript code if the user hovers the cursor over the link. More information is available at the Mozilla Add-ons blog.

Firefox users with the CoolPreviews add-on are advised to upgrade to the latest 3.1.0625 version as soon as possible. Other known issues resolved with the update are listed on the CoolPreviews site.