firefox is vulnerable to arbitrary code execution. The vulnerability exists as a flaw was found in the way Firefox opened “file:” URIs. If a file: URI was loaded in the same tab as a chrome or privileged “about:” page, the file: URI could execute arbitrary code with the permissions of the user running Firefox.
lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
secunia.com/advisories/32695
secunia.com/advisories/32713
secunia.com/advisories/32721
secunia.com/advisories/32778
secunia.com/advisories/34501
sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
ubuntu.com/usn/usn-667-1
www.mandriva.com/security/advisories?name=MDVSA-2008:230
www.mozilla.org/security/announce/2008/mfsa2008-51.html
www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.4
www.redhat.com/support/errata/RHSA-2008-0978.html
www.securityfocus.com/bid/32281
www.securitytracker.com/id?1021191
www.us-cert.gov/cas/techalerts/TA08-319A.html
www.vupen.com/english/advisories/2008/3146
www.vupen.com/english/advisories/2009/0977
access.redhat.com/errata/RHSA-2008:0978
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=447579
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11063
www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html