Thanks to ibetheone in BPN for the heads up.
Three new branches have been created for Firefox, Thunderbird, and the original Mozilla suite, in order to fix an external windows protocol handler bug. The new version numbers are Firefox 0.9.2, Thunderbird 0.9.2, and Mozilla 1.7.1.
Alternatively, you can set the pref network.protocol-handler.external.shell in about:config to false to remove the exploit, or install the XPI listed below. (This will only set it on your current profile, if you have more than one profile, or could be creating more, you should use the XPI or the updated build.)
It should be noted that this patch was released within hours of the flaw being discovered. Future versions of Mozilla Firefox will include automatic update notifications, which will make it even easier for users to be alerted to security fixes.
Update: It should also be noted that this flaw effects all browsers for the Windows operating system which take advantage of the "shell" function, not just Mozilla.