Scammers are sending out huge numbers of fake emails pretending to be from the Mozilla Foundation, maker of the popular multi-platform web browser Firefox.
The spam-flavoured missives, with titles along the line of 'New Version Released' and which appear to have been sent from various email addresses ending in @firefox.com contain links to malicious executables which ride in on what appears to be a genuine update to Firefox 5.0.1.
The trojan, identified by Sophos as Troj/PWS-BSF, is reportedly capable of stealing passwords.
Firefox automatically updates itself by default so any email purporting to offer to do it for you is definitely a fake. Mozilla doesn't send update notices vie email or any method other than the in-app notifications.
Here's the text of the spam email, which you should delete without opening. And definitely don't click on the link which, for obvious reasons, we have deleted.