Developers at the open-source Mozilla Foundation have confirmed that the latest version of their Web browsers have a security flaw that could theoretically allow attackers to crash computers or launch unauthorized programs.
The flaw was publicized Wednesday on a security mailing list, along with a link to a fix for the problem . Updated versions of the affected software programs, which include the Mozilla, Firefox and Thunderbird browsers, have been released.

Developers said the flaw affected only Windows users, not computers running either the Macintosh or Linux operating systems

...

Mozilla developers said that future versions of the Firefox Web browser would have automatic update notifications that would make it easier to notify users about security fixes.
Source : http://zdnet.com.com/2100-1105_2-5262676.html
Patch : http://www.mozilla.org/security/shell.html