Mozilla published Firefox 3.6.12, a new update that plugs a critical security vulnerability.
Firefox 3.6.12 fixes a critical security issue that could potentially allow remote code execution.
Heap buffer overflow mixing document.write and DOM insertion
Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.