Mozilla states that, despite what several media outlets and security organizations reported over the weekend, the bug is not an exploitable vulnerability that could lead to malicious code execution, so it is not a critical flaw.
“We do not believe that this represents an exploitable vulnerability in Firefox. Further, we believe that the IBM report is in error, and that the severity rating in the National Vulnerability Database report is incorrect. We have contacted them and hope to resolve the inaccuracies shortly,” concluded Mike Shaver, Mozilla VP of Engineering.
EDIT: As noted in the comments, since it's not an exploitable bug, this is not a security vulnerability; hence, this post’s previous title was dumb. Corrected.
Also, Security Focus has updated its report, now describing this bug as a denial of service.