Gerry Eisenhaur of hiredhacker.com has discovered that current (220.127.116.11) and older versions of Firefox are vulnerable to chrome URL handling directory transversal attacks if they have any one of over 600 extensions installed.
How Can You Make Your Browser Safer?
Until Firefox 18.104.22.168 is introduced, install Noscript to block scripts. It's a High Severity vulnerability, so don't wait around for a solution.
For more background, see my original post over at Maximum PC.