Mozilla's security chief Window Snyder has confirmed a proof of concept information leak flaw in Firefox--even fully patched versions.
Technically, it's a chrome protocol directory transversal. Snyder explains:
When a chrome package is "flat" rather than contained in a .jar the directory traversal allows escaping the extensions directory and reading files in a predictable location on the disk. Many add-ons are packaged in this way.
A visited attacking page is able to load images, scripts, or stylesheets from known locations on the disk. Attackers may use this method to detect the presence of files which may give an attacker information about which applications are installed. This information may be used to profile the system for a different kind of attack.
Mozilla gives the flaw an low severity rating for now, but add ons such as Download Statusbar and Greasemonkey are vulnerable. Look for this vulnerability to get patched low risk or not. Mozilla has opened a bug.