First, this incident was NOT a zero day attack, as was originally reported. The exploit was discovered by a group called “The Zero Day Initiative” but was not actually a zero day exploit. According to the Mozilla Security Blog, the details of the problem will be kept private but it’s not a public exploit and “the risk to users is minimal.”
Second, we reported the exploit as a Firefox 3 issue, but the exploit affects Firefox versions 2.x and 3.0, so it’s not strictly a Firefox 3 issue.
We sourced this CNET article, which does contain accurate information. We apologize for any confusion that our original post may have caused.