5/8/2005

Critical Flaw In Firefox 1.0.3

Filed under: — Aviran Mordo

A critical vulnerability has been identified in Mozilla Firefox that remote attackers may exploit to execute arbitrary commands. The flaw is an input validation error in the processing of specially crafted JavaScript code that points to a Firefox extension (add-on) or theme file. A malicious web page or email can use it to bypass the security restrictions and inject arbitrary JavaScript code into the chrome, which could lead to a system compromise. FrSIRT confirmed this vulnerability in Firefox version 1.0.3.

There is currently no patch for this problem. You can work around it by disabling JavaScript or by disabling the “Allow web sites to install software” option.

Source: FrSIRT
