CNet is reporting that Mozilla has released an update to Firefox which patches 3 critical security issues:
The first cross-site request forgery vulnerability could allow an attacker to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property….
The second cross-site request forgery concerns the jar zip format enabling web sites to load pages packaged in zip archives containing signatures in java-archive format.
More info about the issue can be found on CNet's article and the update is available for download via Mozilla Firefox's site.