Firefox Vulnerabilities: The Official Word: "The Mozilla Foundation is aware of two potentially critical Firefox security vulnerabilities as reported publicly Saturday, May 7th. There are currently no known active exploits of these vulnerabilities although a 'proof of concept' has been reported." ... As of this writing, the organization is still working on a fix.

Firefox users have been advised to change browser settings (disable Javascript, disable remote site software installs). No doubt a patch will be issued soon.

UPDATE: A patch has now been released - Firefox 1.0.4.