TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0. This issue is currently under investigation. To protect our users, the details of the issue will remain closed until a patch is made available. There is no public exploit, the details are private, and so the current risk to users is minimal.
TippingPoint will also keep the details closed to protect Firefox users. From their blog post:
While Mozilla is working on a fix, we won’t be divulging anything else until a patch is available, adhering to our vulnerability disclosure policy. Once the issue is patched, we’ll be publishing an advisory here. Working with Mozilla on past security issues, we’ve found them to have a good track record and expect a reasonable turnaround on this issue as well.
At Mozilla we appreciate any report of security issues because that is how we make the browser stronger and more secure. The best way to keep Firefox users safe is to report the issues directly to Mozilla as TippingPoint has chosen to, and to wait to release details until a fix is available.