Sample code that exploits a hole in Firefox and could allow a hacker to take control of your machine has been released on the Net.

The code targets a known hole in the way the open -source browser processes Javascript. Versions 1.0.4 or earlier are affected - so users are advised the upgrade to the latest version of Firefox, released last month.

"I think it's been enough time for people to upgrade from v1.0.4. of Firefox. So, here is the PoC [proof of concept] exploit for the ... vulnerability," the poster said.

The bug was fixed in Mozilla version 1.0.5, which was released last July, and has also been fixed in version 1.7.9 of the Mozilla Suite, said Mike Schroepfer, vice president of engineering with Mozilla Corp. "As long as users keep updated to the latest version, they're, in general, very safe."

In some ways, this latest exploit is similar to highly publicised attack code that has been circulating for Internet Explorer, said Russ Cooper, editor of the NTBugtraq newslist. "It can install and run code of the attacker's choice if a victim visits a malicious website," he said.

The IE code, which was published in November, takes advantage of a Javascript problem that has not yet been patched. Microsoft is expected to patch the hole in an update later today.