If you run Firefox (or other Mozilla software based on the same codebase like Thunderbird) and have not upgraded it to the latest version (the latest Firefox - 1.5.0.2 - was released just last week), CERT says you really really need to.

From ZDNET:

"CERT advises people who use Mozilla's e-mail software, Thunderbird, and the Internet application suite Seamonkey to also upgrade to the latest versions (Thunderbird 1.5 and Seamonkey 1.0.1). CERT warned that any other products based on older Mozilla components, particularly the Gecko rendering engine, may also be affected.

"Firefox has traditionally been seen as being more secure than other Web browsers such as Microsoft's Internet Explorer. This is thought to be the first time that multiple vulnerabilities have been reported in Firefox and the Mozilla suite.

"Secunia warned that hackers could exploit the security holes to gain control of computer systems, conduct phishing attacks, and bypass security restrictions.

"One error that occurs in Firefox would allow arbitrary JavaScript code to be injected into Web pages as they load."

Users of Firefox can typically just click on the Firefox "Help" drop-down menu and then choose the "Check for Updates" option to see if they are running the latest version. If your version of Firefox does not have this option, you know you're way out of date and you should visit http://getfirefox.com right now and download the newest version ASAP.

Also, of use to corporate IT people is the Firefox Community Edition package from FrontMotion that includes features to do MSI installs and leverage associated Active Directory ADM files to manage Group Policy security functionality in Windows domains. Companies using this package can apply the patched versions in an automated, simpler and reliable fashion. Larger organizations that don't use such a package have to deal with either a more complicated update process or reliance on end users to perform the updates - which is never 100% successful, even in the smallest shops. Version-wise, it's important to note that FrontMotion's MSI installers tend to lag a bit behind the Firefox official releases (when a new FireFox release is issued, the FrontMotion crew uses it to create the new MSI installers and ADM files), so keep this in mind when deciding how to deploy.