The malware, called ChromeInject, holes up as an add-on in Firefox and identifies when you are visiting certain financial sites, like PayPal, to harvests usernames and password for those sites. Afterwards those logins get sent off to a remote server, where they are no doubt used to drain or transfer funds from people's accounts. Users still must visit a malicious or compromised site to become infected by this trojan, and security products are already being updated to detect it. One of the easiest steps to prevent infection is just to make sure any add-ons you install come from an official source, like Mozilla's repositories.
Even if the odds of infection are low, seeing harmful software written specifically for Firefox does demonstrate that it is now becoming large enough for people, including people with bad intentions, to take notice of it.