An unpatched security flaw has been discovered in the latest version
of Firefox 3.0.5 which allows a remote attacker to crash the browser
with a special crafted HTML page using a queryCommandState:
PoC: http://groups.google.it/group/carl-hardwick/web/Firefox305RemoteDoS.htm