An active zero-day exploit of Firefox versions 3.5 and 3.6 been found In-The-Wild. (The current version of Firefox is v3.6.11). Specifically, the Nobel Peace Prize website injects malware into victim computers via a newly discovered Firefox security hole. So far, the malware being injected is the Windows-only Trojan horse Belmoo-A. However, the injected malware could just as easily be any of the current Mac OS X Trojans.
Note of course that Trojan horses are inert until a 'LUSER' runs and installs them, providing it with their computer's Administrator password.