Vulnerabilities found include XUL popup spoofing, cross site scripting using addEventListener to inject script into another site, path abuse in cookies, persistent autocomplete DoS, and a critical vulnerability related to crashes indicating memory corruption.
Along with 184.108.40.206, Mozilla Corporation also issued an update for the Firefox 1.5.0.x series, release 220.127.116.11. According to the Mozilla Developer News announcement, this is likely to be the 1.5.0.x series final release. The "planned end of life for the 1.5.0.x series" has previously been extended due to "some recent changes in update functionality." Users are encouraged to upgrade to the latest Firefox 2.0.0.x release.
If you're stuck on Vista for some reason, you'll be pleased to note that this release also offers better support for Windows Vista, although the release notes list several caveats.