I haven't seen this posted so here goes:

A malicious hacker who could trick a user into saving a file could delete files from a user's download directory.

From mozillazine:
The Mozilla Foundation today released Firefox 0.10.1, which patches a security hole that was discovered this week. Users can download a new build of Firefox, wait for the automatic update to prompt you to upgrade, or install the XPI to upgrade it. Users are urged to upgrade Firefox. The hole is not known to affect any other Mozilla applications.

Both articles date oct. second 2004