Firefox 3.6.7 Released
In addition to improvements in stability the following vulnerabilities have been addressed. Administrators and user should update to the lasted stable version. Thunderbird and Firefox 3.5.111 have also been released. With the addition of Google Chrome, it is clear that Firefox may be losing some of it's popularity with users.
Fixed in Firefox 3.6.7
MFSA 2010-47 Cross-origin data leakage from script filename in error messagesMFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-45 Multiple location bar spoofing vulnerabilities
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
MFSA 2010-43 Same-origin bypass using canvas context
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
MFSA 2010-36 Use-after-free error in NodeIterator
MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
The security update which fixed the plug-in parameter array crash was exhibiting behavior that resulted in memory curruption. the resulting is a dangling pointer which has the potential to be exploited. Mozilla has released an update which users and administrators should apply.
http://www.mozilla.org/security/announce/2010/mfsa2010-48.html