If you have not upgraded to Firefox 220.127.116.11 and you use Internet Explorer together with firefox, Please upgrade ASAP. There is a lot of finger pointing going on, but one thing is clear: I.E allows executing other programs with un-escaped url thus permitting malicious code execution in other applications, including Firefox 2.0 < 18.104.22.168 and Thunderbird.
More about this vulnerability you can read here.
The funny thing? Mozilla suggest a workaround – not using Internet Explorer. Microsoft suggests unregistering Firefox handlers for handling some protocols :).