Secunia reports of a new, unpatched, and highly critical security hole in Firefox 3.5 (possibly in other versions, too) that allows attackers to execute arbitrary code on the victim's computer.
The vulnerability is caused due to an error when processing JavaScript code handling; for example, one could use simple HTML "font" tags to cause a memory corruption and then run arbitrary code.
Until Mozilla addresses this vulnerability, here's a temporary fix: Type about:config in Firefox' address bar, and set "javascript.options.jit.content" to "false."