The latest releases of Firefox (18.104.22.168) and SeaMonkey (1.1.7) address three recently discovered vulnerabilities. The first is a race condition in window.location that can allow Cross-site scripting via referer-spoofing. The second is a memory corruption issue which could lead to the execution of arbitrary code. The third is a jar URI scheme vulnerability that can also allow Cross-site scripting to occur.
You should update if you are using one of these products.
For for the original notifications travel over to Mozilla’s known vulnerabilities site