Firefox 3.0.8 is a high-priority firedrill security update to Firefox 3.0.x. Due to the pwn2own bug that Nils discovered at CanSecWest 2009 and the XSLT vulnerability recently made public by Guido Landi (www.securityfocus.com/bid/34235) are both critical issues that can result in malicious code execution.
These issues can be exploited by tricking a user into visiting a malicious web page hosting the exploit code. The pwn2own bug can be mitigated by disabling JavaScript.
Versions prior to the following are vulnerable:
- Firefox 3.0.8
- SeaMonkey 1.1.16
Concequently, if you haven’t updated Firefox yet do so immediately. You can download FF 3.0.8 here, and read more about what else is new here.