http://www.mozilla.org/security/shell.htmlInstructions are on the site for either patching your current Mozilla and / or Firefox or installing the latest releases of each.
What Mozilla users should know about the shell: protocol security issue
On July 7 (yesterday) a security vulnerability affecting browsers for the Windows operating system was posted to Full Disclosure, a public security mailing list. On the same day, the Mozilla security team confirmed the report of this security issue affecting the Mozilla Application Suite, Firefox, and Thunderbird and discussed and developed the fix at Bugzilla bug 250180. We have confirmed that the bug affects only users of Microsoft's Windows operating system. The issue does not affect Linux or Macintosh users.
Today, the Mozilla team released a configuration change which resolves this problem by explicitly disabling the use of the shell: external protocol handler. The fix is available in two forms. The first is a small download which will make this configuration adjustment for the user. The second fix is to install the newest full release of each of these products. Instructions on administering these changes can be found below.