There are two distinct problems in Firefox.

The first one, most reliably demonstrated by this testcase, is a remotely exploitable security vulnerability tracked here. This problem is fixed in Firefox 1.5.0.7 and 2.0.

The other one, demonstrated by this testcase, is a denial-of-service condition that is an annoyance, but is not exploitable to compromise your system. It is being tracked here and is not fixed to this date.