Firefox 3.0.5 fixes three critical vulnerabilities
The last two of those critical vulnerabilities are listed as also affecting the Thunderbird mail client, with Mozilla noting them as fixed in, the as yet unavailable, Thunderbird 18.104.22.168. Mozilla define critical as "Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing". Full details of these, and another five lower priority issues, are available on the Security Advisories for Firefox 3.0 page.
Firefox 3.0.5 is available to download or Firefox users can use the Firefox update service by selecting Help, then Check For Updates.