Firefox-maker Mozilla has acknowledged a critical flaw in its flagship browser but will not release an official fix for it until 30 March.

In a blog posting, the firm warned that the vulnerability, first found by researcher Evgeny Legerov, could allow remote code execution if exploited by a hacker.

"The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix," noted the blog post.

"Firefox 3.6.2 is scheduled to be released 30 March and will contain the fix for this issue. As always, we encourage users to apply this update as soon as it is available to ensure a safe browsing experience."

Users worried they may be affected before the end of March were encouraged to download a Release Candidate build of Firefox 3.6.2 which contains the fix.

In a new twist, German users were warned not to use the browser until the update is released next week. BürgerCERT, which is part of the German Federal Office for Security in Information Technology, issued the warning on Friday, assessing the risk level as a four on its five step scale.