"A Firefox security flaw originally judged to be of low severity
has been upgraded to high, but a fix is on its way.
"The issue concerns so-called 'flat' add-ons that store their
components in multiple files instead of using a single .jar file. A
flaw in the way the program handles the chrome protocol means a
maliciously crafted web page is able to traverse directories in
order to read data from known locations..."