Mozilla released Firefox 3.6.11 that fixes a critical security issue.
Heap buffer overflow mixing document.write and DOM insertion
Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.
Firefox 3.6.12 is available for download here.