I'm rebuilding my laptop with a brand new 7200 rpm Seagate Momentus 7200.2 and placing my original 5400 rpm Hitachi drive in the secondary SATA bay, so I have been 'away' for a few days. I'm also on the trailing edge of a two-week vacation that ends today, essentially.
There is a lot of finger pointing going on as to who is to blame for this security problem, but I don't really care about that aspect of it. I am only interested in preventing the exploits from running. So far, the proofs of concept are a bit buggy, but it is only a matter of time until the spam writers and malware writers clean up the code.
You can do one of two things, or better yet, do both, to prevent this exploit:
1. Run these commands to unregister the URL handlers:
reg delete HKCR\FirefoxURL /f
reg delete HKCR\Firefox.URL /f
reg delete HKCR\FirefoxHTML /f
2. Install NoScript, which has built-in protections against this type of attack by default.
I already use #2, but I also performed #1 to be on the safe side.
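One way to carry out step 1 with a safety net, as an added example that is not part of the original post: it exports each of the three handler keys to a .reg file before deleting it, then confirms the key is gone. The backup folder name is an assumption, and the script is meant to be run from an elevated PowerShell prompt.

```powershell
# Added example: back up, remove, and verify the three handler keys from step 1.
# Assumption: backups go to a timestamped folder under the user profile.
$Keys      = 'FirefoxURL', 'Firefox.URL', 'FirefoxHTML'
$Stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$BackupDir = Join-Path $env:USERPROFILE "firefox-handler-backup-$Stamp"
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($Name in $Keys) {
    $RegPath = "HKCR\$Name"

    # reg query exits non-zero when the key does not exist.
    reg query $RegPath > $null 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Output "${RegPath}: not present, nothing to do"
        continue
    }

    # Export first so the key can be restored later with 'reg import'.
    $BackupFile = Join-Path $BackupDir "$Name.reg"
    reg export $RegPath $BackupFile > $null 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "${RegPath}: export failed, key left in place"
        continue
    }

    # Same command as in step 1.
    reg delete $RegPath /f > $null 2>&1

    # Query again to confirm the handler is really unregistered.
    reg query $RegPath > $null 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Output "${RegPath}: removed (backup: $BackupFile)"
    } else {
        Write-Warning "${RegPath}: still present after delete"
    }
}
```

Running it a second time should report every key as not present; if one has come back, something has registered the handler again.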
You can read more about it here.