1.5.0.4 Released, Not yet on autoupdater, download from

Windows:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/1.5.0.4/win32/

Mac
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/1.5.0.4/mac/

Linux
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/1.5.0.4/linux-i686/

These are the critical fixes in 1.5.0.4:

Mozilla privilege escalation using addSelectionListener
A privilege escalation vulnerability exists in the Mozilla addSelectionListener method. This may allow a remote attacker to execute arbitrary code.
http://www.mozilla.org/security/announce/2006/mfsa2006-43.html

Mozilla contains a buffer overflow vulnerability in crypto.signText()
Mozilla products contain a buffer overflow in the crypto.signText() method. This may allow a remote attacker to execute arbitrary code.
http://www.mozilla.org/security/announce/2006/mfsa2006-38.html

Mozilla may process content-defined setters on object prototypes with elevated privileges
Mozilla allows content-defined setters on object prototypes to execute with elevated privileges. This may allow a remote attacker to execute arbitrary code.
http://www.mozilla.org/security/announce/2006/mfsa2006-37.html

Mozilla may associate persisted XUL attributes with an incorrect URL
Mozilla can allow persisted XUL attributes to associate with the wrong URL. This may allow a remote attacker to execute arbitrary code.
http://www.mozilla.org/security/announce/2006/mfsa2006-35.html

Mozilla contains multiple memory corruption vulnerabilities
Mozilla contains several memory corruption vulnerabilities. This may allow a remote attacker to execute arbitrary code.
http://www.mozilla.org/security/announce/2006/mfsa2006-32.html

The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include a denial of service or local information disclosure.