I think today's 1.0.4 release covers the vulnerabilities mentioned above.
Here's a summary of the story, the rest of which you'll find at slashdot.org complete with several links:
"Firefox has been updated to 1.0.4 and they have fixed a few critical security holes, all javascript vulnerabilities. The Mozilla Foundation announced these vulnerabilities May 7th. 'There are currently no known active exploits of these vulnerabilities although a proof of concept has been reported." You don't have to upgrade, but it's recommended.'" We've reported on these vulnerabilities previously."