According to Secunia's report, the first flaw is an error in the way HTML with certain layout combinations is handled, which can be exploited to corrupt memory via a specially crafted web page.
The second vulnerability is an error in the way the "by" property of an "animateMotion" SVG element is handled, which can be exploited to corrupt memory via a specially crafted web page that assigns other DOM elements to the property.
The third and last flaw is an error in argument validation when processing images, which can be exploited to corrupt memory via a specially crafted web page.
In related news, Mozilla has just released the latest version of Firefox 3 Beta.