Even the mighty Firefox is vulnerable to attack, and we see this today with Secunia's publication of a newly discovered security flaw in the popular browser. Affecting only the 2.0.x branch, this flaw could potentially be exploited by malicious users to compromise a machine. The "Firefox URL" function is one method of exploitation, and a simple posted fix is to disable that particular handler.

This flaw is interesting in that it can be carried across browsers, with bad data from IE resulting in compromise:

The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary Javascript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.
The flaw has been noted elsewhere. We'll likely see an update from Mozilla soon.