MozillaZine.org reports branches have been created for three of mozilla.org's latest releases, in order to fix an external windows protocol handler bug. The fix involves disabling the shell: protocol handler, which was found to enable pages to run executables on Windows via a link. Builds should officially be available shortly, and there will also be an XPI offered to disable the pref. Alternatively, you can set the pref "network.protocol-handler.external.shell" in about:config to 'false' to also remove the exploit.