Firefox 3.5 has significant improvements in speed especially when it comes to handling JavaScript heavy pages. This now puts it on par with Safari 4.0, in my case it performs better. The major security improvements includes a safe browser mode which does not store history, cookies, temp files and other information related to your browser session. There is also the addition of the Origin header for their Content Security Policy (CSP). This is an attempt to prevent drive-by-downloads and limit the threat of Cross Site Scripting (XSS). For more information connect to the reference on the Mozilla Security Blog.
drStrangeP0rk
There have been reports that the patch of SVGLength in Firefox versions below 3.5 were not effective. The bug may even be present in version 3.5, the current work around for all versions of Firefox is to set your cahce to zero. This will prevent a DoS through an unclamped loop in SVG (public Interface SVGLength).
drStrangeP0rk
This issue does affect version 3.5. US Cert is recommending disabling JavaScript, currently using NoScript is an excellent way to do responsible web surfing and setting cache to zero. If users cannot conduct a determination on a case by site basis then disabling JavaScript may be the best alternative.
http://www.us-cert.gov/current/index.html#mozilla_firefox_3_5_vulnerability