The mozilla blog has some more info too. Most concerning to me is:
… in all the user directories it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys …
Guess I’ll be rotating SSH keys soon. The post also mentions that Windows and Linux users are vulnerable (but not OSX). I wonder if BSD is affected.
It mentions that OSX is vulnerable, but that the found exploit didn’t target it:
Mac users are not targeted by this particular exploit but would not be immune should someone create a different payload.
It seems irresponsible that Firefox is so eager to tell me flash is vulnerable but doesn’t say a word when I open a PDF.