Mozilla have confirmed that there’s a bug in Firefox that could lead to your private data being exposed. The security people at Mozilla have rated this security issue as low and are working on a fix.
The bug involves how Firefox deals with “chrome://” URIs and escaped characters. The full technical details and a demo of the bug are available from Gerry Eisenhaur’s hiredhacker site. The demo seems to be for Windows only, so those of a Mac or Linux persuasion will have to wait to see if this bug affects them.
Until a fix is released, the NoScript add-on can be used to stop this bug in its tracks.