There is a a flaw in the pop-up blocker of Firefox that could allow an attacker to access local files. However, this vulnerability only affects Firefox 18.104.22.168. This vulnerability does not affect Firefox 2.0 which is the latest version of the browser.
When the pop-up blocker feature is disabled, Firefox gives unnecessary access to local files. If a malicious file containing exploit code is already on the computer, then it can be remotely launched.
This is not easy, since the file would have to be planted on the system by tricking a user to click on a link that would download the file. The malicious file could then enable access to other files, which could be transferred to a remote computer belonging to an attacker.
Mozilla, the distributor of Firefox, is currently working on a solution. In the meantime, make sure your pop-up blocker is enabled whenever possible. Alternatively, you can upgrade to the latest version of Firefox, version 2.0 here: