Firefox security hole found.

[XMEN Gambit]

http://www.mozilla.org/security/#Security_Alerts

Has to do with a combination of IFRAMEs and the mozilla auto-update-installer feature, and allows execution of arbitrary code. They're working on it, no known instances of actual use, etc. I believe the recommended short-term workaround is to disable Javascipt. Be watching for an update.