Software Update: Firefox 3.6.7 and Firefox 3.5.11
The Mozilla Foundation has released Firefox 3.6.7 and Firefox 3.5.11 for Windows, Mac and Linux to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks. Some of these vulnerabilities also affect Thunderbird and SeaMonkey.
Some of these vulnerabilities include:
MFSA 2010-47 Cross-origin data leakage from script filename in error messages
MFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-45 Multiple location bar spoofing vulnerabilities
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
MFSA 2010-43 Same-origin bypass using canvas context
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
MFSA 2010-36 Use-after-free error in NodeIterator
MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)