Mozilla Firefox 3.0.5 closes a number of known security vulnerabilities found in version 3.0.3. Details can be found at: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.5
New package and new language packs for VL 5.9 and VL 5.9.1 are in the patches and extra repositories, respectively. VL 6.0 Standard rc1 already includes Firefox 3.0.5. Users running VL 6.0 Light or older alpha/beta builds of Standard can find Firefox 3.0.5 in the packages repository. Language packs are in the extra repository.
These packages have been available since December 17 but with everyone's busy schedule around the holidays the announcement wasn't made.
VL 5.8 is also vulnerable. We don't have many volunteer packagers still working on VL 5.8 at this point so upgrading your OS is probably the best course now. Hopefully a VL 5.8 package will follow shortly.