Here's a description of the flaw from InformationWeek:
The flaw needed a certain degree of user-interaction (lockergnome) to be activated and the folks at Mozilla have patched the issue in their 188.8.131.52 browser release. What's deeply intriguing about the flaw is how it uses the interface among the applications (in this case IE and Mozilla) to launch an attack.
The flaw sparked a lot of sparring between executives of Mozilla and Microsoft (TechWorld), each blaming the other's API call for the flaw. Software makers can ensure a lot of security around their internal code, but when it comes to APIs they expose to third-party software, the usage is in the hands of the third party and may present vulnerable end points.
Be wary of the software installed on the system that you use. Even unused software APIs can act as potential entry points for malware and trigger an exploit.