A vulnerability has been discovered in Firefox that could allow criminals to remotely scan all variables in your Firefox plugins and use an Ajax script to log that information on to a server. This means that information stored in your plugins (like passwords, user names, email addresses, ftp information etc.) could be stolen and seriously compromise your online privacy and security.

For now, your best form of defence is to run with the NoScript plugin (from Mozilla) enabled.