[ Thanks to zanek for this
link. ]
“Firefox 1.5.0.3 is designed to fix a remotely exploitable
vulnerabilty rated as Critical by FrSirt (French Security Incident
Response Team) and Highly Critical by Secunia.“If you have Javascript enabled and designMode turned on, a
remote black hat can force a call to a deleted controller context,
which, at best, crashes the browser, and at worst, lets the
attacker run evil code…”