...from:

http://www.mozilla.org/security/#Security_Alerts

Security Advisory (May 8, 2005) The Mozilla Foundation is aware of two potentially critical Firefox security vulnerabilities as reported publicly Saturday, May 7th. There are currently no known active exploits of these vulnerabilities although a "proof of concept" has been reported. Changes to the Mozilla Update web service have been made to mitigate the risk of an exploit. Mozilla is aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update. Users can further protect themselves today by temporarily disabling JavaScript.

For more information about the vulnerabilities, see the advisory at the mozilla.org site. Further information including the availability of updates will be posted at www.mozilla.org.