This week a number of different security researchers exposed three new flaws in Mozilla's browsers, including Firefox. Secunia, a security firm, reported a download spoofing flaw which could trick users into downloading something they don't expect.
iSEC Perhaps, a Polish security firm, told of a buffer overflow bug with the NNTP. This bug could allow code to be run whenever a news:// connection is made.
Last is a flaw in how Mozilla Thunderbird and Firefox handle temporary files. Secunia security research firm states that since the flaws were first discovered in August 2004, four of the five remain unpatched. Source