I can't find any more information than this, but it seems Mozilla, Firefox, and T-bird should be priority upgrades for the Arch repositories?
After releasing their much awaited preview release of Firefox 1.0, the Mozilla Foundation has issued a warning about seven critical security issues with three of its flagship products.
Any product versions prior to Mozilla 1.7.3, Firefox 1.0PR and Thunderbird 0.8 are considered vulnerable. Mozilla recommends that all users upgrade their affected software to prevent exploitation of their systems.
Gauging the response, I take it they are referring to Windows-only exploits? :?:
If my theory is correct, this bug is based on the Windows JPEG libraries having some buffer overflow (hah! arbitrary code from a picture!) problems... I am going out on a limb here and assuming that the image handling was statically linked to these apps... but I'm not really sure.
If memory serves me, this same image overflow thing affected *nix boxes as well... the virus/script kiddie community is coming along...