Security researcher Evgeny Legerov of Intevydis reported a critical security issue that the Mozilla Foundation announced on 22 March 2010 and fixed in Firefox 3.6.2. The update is already available through Firefox's built-in automatic update mechanism.
Details from the Mozilla Foundation announcement:
Title: WOFF heap corruption due to integer overflow
Announced: March 22, 2010
Reporter: Evgeny Legerov
Products: Firefox 3.6
Fixed in: Firefox 3.6.2
Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim’s browser and execute arbitrary code on his/her system.
Support for the WOFF downloadable font format is new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect products built on earlier versions of the Mozilla browser engine.
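The advisory says only that an integer overflow in the decompression path leaves the decoded-font buffer too small. The added example below is not Mozilla's code; it illustrates that bug class with the real WOFF table-directory fields (offset, compLength, origLength). The vulnerable routine sums each table's padded origLength in a 32-bit integer with no check, so crafted entries wrap the total to a tiny value; the hardened routine checks every addition and rejects the font. The struct, function names and the constructed entries are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Subset of a WOFF table directory entry (field names from the WOFF spec). */
typedef struct {
    uint32_t tag;         /* sfnt table tag, e.g. 'glyf' */
    uint32_t offset;      /* offset of compressed data in the WOFF file */
    uint32_t compLength;  /* compressed length in the WOFF file */
    uint32_t origLength;  /* decompressed length written into the sfnt buffer */
} WoffTableEntry;        /* hypothetical layout for this example */

/* sfnt table data is padded to a 4-byte boundary. Note this itself wraps
   for values above UINT32_MAX - 3, which the safe version guards against. */
static uint32_t pad4(uint32_t n) { return (n + 3u) & ~3u; }

/* Vulnerable pattern: the sfnt size is accumulated in uint32_t with no
   overflow check. Two tables with origLength 0x80000000 each wrap the sum
   back to the header size, a buffer of that size is allocated, and the
   later per-table decompression (which writes origLength bytes) overruns
   the heap. */
uint32_t vuln_total_size(const WoffTableEntry *t, uint16_t numTables) {
    uint32_t total = 12u + 16u * numTables;  /* sfnt header + table records */
    for (unsigned i = 0; i < numTables; i++)
        total += pad4(t[i].origLength);
    return total;
}

/* Hardened pattern: refuse any entry whose padding or addition would wrap.
   Returns false for a malformed font instead of a too-small size. */
bool safe_total_size(const WoffTableEntry *t, uint16_t numTables, uint32_t *out) {
    uint32_t total = 12u + 16u * numTables;
    for (unsigned i = 0; i < numTables; i++) {
        uint32_t len = t[i].origLength;
        if (len > UINT32_MAX - 3u)       /* pad4() would wrap */
            return false;
        len = pad4(len);
        if (len > UINT32_MAX - total)    /* total + len would wrap */
            return false;
        total += len;
    }
    *out = total;
    return true;
}

int main(void) {
    /* Constructed malicious directory: two tables whose lengths sum to 2^32. */
    WoffTableEntry crafted[2] = {
        {0x676C7966u, 44, 10, 0x80000000u},  /* 'glyf' */
        {0x6C6F6361u, 54, 10, 0x80000000u},  /* 'loca' */
    };
    uint32_t size;
    printf("vulnerable size: %u bytes\n", vuln_total_size(crafted, 2));
    printf("hardened accepts: %s\n", safe_total_size(crafted, 2, &size) ? "yes" : "no");
    return 0;
}
```

The point to carry into your own parsers: every size that feeds an allocation must be computed with explicit overflow checks (or in a wider type, then bounds-checked), and the same check is needed on the write side before each table's decompressed bytes are copied into the buffer.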
So it is time for everybody to upgrade Firefox to 3.6.2. Because WOFF fonts are loaded automatically by any web page that references them, simply viewing a page that serves a crafted font is enough to trigger the flaw, so do not wait. To check your version, click Help -> About Mozilla Firefox. If it shows anything other than 3.6.2, click Help -> Check for Updates and Firefox will upgrade itself to the latest safe version.