The Mozilla Project released Firefox 3.0.8 today to fix two critical security issues.
- MFSA 2009-12 addresses an XSL transform issue that could result in a browser crash. There is a possibility that an attacker could use this crash to run arbitrary code on the target computer.
- MFSA 2009-13 fixes an XUL
treeelement method that was causing garbage collection routines to be run on objects that were still in use. The resulting browser crash could be used by an attacker to run arbitrary code on the target computer.
These security fixes are the only changes made since the Firefox 3.0.7 release. The Mozilla Project obviously thinks these security issues are serious enough to address with a special release of Firefox. You should, too.