Mozilla has been undergoing a security audit, and they’ve even posted a reward for anyone who finds a vulnerability. This can be done because - unlike Internet Explorer - the source code for Mozilla is posted online.
Well, somebody did find a vulnerability. It effects users up to Mozilla 1.7.2, as well as Firefox and Thunderbird users. Although there have not yet been any known exploits to take advantage of the vulnerability, it would be wise for users to update to Mozilla 1.7.3, Firefox 1.0PR and Thunderbird 0.8 from earlier versions to protect themselves against attack. You can download what you need from mozilla.org