As if you needed a reason to stay up to date, but its worth noting that a validation error in the processing of certain tags has been reported in the Sage RSS reader extension for Firefox.  This can be exploited to insert and execute arbitrary HTML and script code in a local context by tricking a user into adding a malicious feed and then viewing its contents.

I've recommended Sage in the past, and fortunately this was fixed some time ago in Sage 1.3.10, so run your updates.