The latest releases of Firefox (2.0.0.10) and SeaMonkey (1.1.7) address three recently discovered vulnerabilities. The first is a race condition in window.location that can allow Cross-site scripting via referer-spoofing. The second is a memory corruption issue which could lead to the execution of arbitrary code. The third is a jar URI scheme vulnerability that can also allow Cross-site scripting to occur.

You should update if you are using one of these products.

For for the original notifications travel over to Mozilla’s known vulnerabilities site