"Mozilla yesterday confirmed a critical vulnerability
in the newest version of Firefox, and said it would plug the hole
by the end of the month.
""The vulnerability was determined to be critical and could
result in remote code execution by an attacker," Mozilla
acknowledged in a post to its security blog. "The vulnerability has
been patched by developers and we are currently undergoing quality
assurance testing for the fix."
"Firefox 3.6, which Mozilla launched in January, is affected,
Mozilla said, adding that it would be patched in version 3.6.2,
currently slated to ship on March 30."