Register/Secunia reports. Recommendation is disable js in addition to the "allow websites to install sw" for now. http://www.theregister.co.uk/2005/05/09/firefox_0day_exploit/