Mozilla released an emergency update for Firefox 3.5on October 27th. From Mozilla Developer’s News:
These releases fix a critical security issue that could potentially allow remote code execution. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild. Thanks to Mozilla’s industry-leading open security process the fix has been created, tested, and released to users within 48 hours of first notification about the vulnerability.
See the Release Notes for more information. Auto-updates should be occurring in the next 24-48 hours, otherwise users may get the latest update by going to Help menu and selecting Check For Updates. If you’re still using Firefox 3.0.x, this version is no longer supported and may contain security vulnerabilities.
IMPORTANT! Firefox 3.5 support will be ending soon. Upgrade to Firefox 3.6