Hacking Firefox? It's Easy When There's No JAR to Open
Mozilla is ranking this vulnerability as 'High Severity' because it can be exploited if you have any of over 600 add-ons installed, ranging from A (allcookies) to Z (Zipedia).
Who to Blame?
According to Mozilla Security Chief Window Snyder, don't blame Firefox; blame the developers that don't use .jar packaging for the add-ons. If you're a web developer (or play one on TV), you might want to review the debate at Bugzilla over this bug (number 413250). If you develop Firefox extensions, switching to JAR packaging might be a really good idea.