An update on this security vulnerability. Adobe has announced that a patch will be issued on December 16 to address the exploit in version 9.4.6: http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html
If you happen to live anywhere in Europe, you'll have to wait until tomorrow to update because due to time zone differences, it's still only December 15 in the USA.
Hopefully though, Adobe will also update the Firefox plugin this time around. When the previous patch was released to update Reader to 9.4.6, the Firefox plugin remained as 126.96.36.199 leaving Firefox users vulnerable to attack.
So here we are now sitting pretty with Reader updated to 9.4.7
However, once again, this update has FAILED to address the issue with the Firefox plugin which remains as 188.8.131.52
So anybody who unwittingly updates Reader to 9.4.7 but doesn't notice that the Firefox plugin remains as 184.108.40.206 is going to have a nasty surprise if they happen to land on a malware infested site!
The only workaround here is to disable the plugin in the Firefox Add-ons manager which you can access by hitting CTRL+SHIFT+A. Go to the Plugins menu and click the "Disable" button to the right on the Reader installation. This means you will be unable to read PDF files in the Firefox browser and will instead be presented with the option to download them to your own machine. If however you choose to open them with the disabled plugin, it will once again remain enabled until you manually disable it again, so be careful.