I don't know how I managed to miss security update 1.0.4 for firefox, but I did. It was released on the 11th, and fixes the following issues :
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
It also fixes some DHTML errors, although those are not security related. The other three though, are classified as critical, so if you haven't updated yet, this would be a good time to do so!
Unrelated to firefox, but still security news : If you happen to use VPN to connect remotely to the office, it may be a good idea to to point out to your administrator that some setups are vulnerable and much less secure as they appear. I don't have any real VPN experience, but it has got something to do with cryptographic weaknesses used in sub-keys. A technical explenation along with proposed solutions can be found at the NISCC website, or you could read the article at The Register for a less technical overview of the problem.