A week ago, Mozilla Foundation released a new security update which included 8 advisories.
4 of the advisories were rated with 'Moderate' severity. At least 3 of them, IMHO, are exploitable for remote code execution with no user interaction.
Today, HD Moore, the author of Metasploit, published a remote code execution exploit for one of the 'Moderate' severity rated vulnerabilities.
This again shows you that Mozilla Foundation are not learning from past mistakes and are still downplaying vulnerabilities.
My guess is that they are waiting for an exploit in the wild before they are going to rate any exploitable memory corruption vulnerability as 'Critical'.