The French Security Incident Response Team (FR-SIRT) has published yesterday a proof of concept of Mozilla Firefox "InstallVersion.compareTo()" Remote Command Execution Exploit. The FR-SIRT has published the perl code of the exploit. You can get it from http://www.frsirt.com/exploits/20060101.mozilla_compareto.pm.php