1.0.3 fixes this serious vulnerability [mikx.de], too. I'm curious why exploits based on social engineering create a feeding frenzy [webmasterworld.com] while the above vulnerability isn't even mentioned here, although there already are exploits with really harmful payloads available for it.
I know better but... I let FF do its check for updates thing and then update itself. Now it won't run from that profile. I really wish they would either just not have an auto-updater, or have one that works.