Mozilla released Firefox 220.127.116.11 to fix three dangerous vulnerabilities. Here's a list of the problems fixed:
MFSA 2007-39 Referer-spoofing via window.location race condition - "Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as protection against such attacks."
MFSA 2007-38 Memory corruption vulnerabilities (rv:18.104.22.168) - "Certain crash conditions show evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code."
MFSA 2007-37 jar: URI scheme XSS hazard - "Jesse Ruderman and Petko D. Petkov point out this means that sites that allow users to upload binary content in zip format are effectively allowing users to install web pages on their site, and these can be used to perform Cross-Site Scripting (XSS) attacks. The blogger at beford.org noted that redirects confused Mozilla browsers about the true source of the jar: content: the content was wrongly considered to originate with the redirecting site rather than the actual source."
The complete release notes are here: What's New in Firefox 22.214.171.124
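For the MFSA 2007-39 point about websites that rely only on the Referer header, here is an added example (not from Mozilla's advisory or the original post) that runs a Referer-only check and a per-session token check over the same constructed requests. The site origin, session id, `csrf_token` field name and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://shop.example"  # constructed site name (assumption)


def referer_only_check(headers):
    """Weak check: trusts the Referer header alone, the pattern MFSA 2007-39 warns about."""
    ref = urlsplit(headers.get("Referer", ""))
    return f"{ref.scheme}://{ref.netloc}" == SITE_ORIGIN


def issue_csrf_token(server_key, session_id):
    """Derive a per-session token that the server embeds in its own forms."""
    return hmac.new(server_key, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(server_key, session_id, form):
    """Accept the request only if the submitted token matches this session's token."""
    submitted = form.get("csrf_token", "")
    expected = issue_csrf_token(server_key, session_id)
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    return hmac.compare_digest(submitted.encode(), expected.encode())


def handle_post(server_key, session_id, headers, form):
    """Return each check's verdict so the two can be compared on the same request."""
    return {
        "referer_only": referer_only_check(headers),
        "token": token_check(server_key, session_id, form),
    }


# Constructed sample requests (not captured traffic).
KEY = secrets.token_bytes(32)
SESSION = "session-1234"
LEGIT = handle_post(KEY, SESSION, {"Referer": SITE_ORIGIN + "/account"},
                    {"csrf_token": issue_csrf_token(KEY, SESSION), "email": "a@example.org"})
# Cross-site request whose Referer looks same-site; its sender cannot read the session token.
FORGED = handle_post(KEY, SESSION, {"Referer": SITE_ORIGIN + "/account"},
                     {"email": "b@example.org"})

if __name__ == "__main__":
    print("legitimate:", LEGIT)
    print("forged:    ", FORGED)
```

The forged request passes the Referer-only check but fails the token check, which is why a token tied to the session should be the primary CSRF defence and the Referer at most a secondary signal.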