Mozilla Firefox attack code published

Reports suggest that Mozilla has accelerated the rate at which it is developing a security patch for Firefox, following the publication of a flaw that reportedly allows hackers to run unauthorised software on a victim's machine.

According to newswire reports, the flaw centres on Firefox's URL handler component, which was the source of another, smaller flaw a week or so back.

Weekend newswire reports say that this second flaw was disclosed by Billy Rios and Nathan McFeters, a pair of security consultants with Verisign and Ernst & Young, respectively.

The big question, of course, is why a pair of professional IT security researchers would publish details of Firefox flaws before Mozilla has fixed them.

Surely it only shows a red rag to the hacker community and doesn't do any good for Firefox users in the longer term? Or am I just being stupid?...