Mozilla has released an emergency update to Firefox 3.6 on October 27th. From Mozilla Developer’s News:
These releases fix a critical security issue that could potentially allow remote code execution. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild. Thanks to Mozilla’s industry-leading open security process the fix has been created, tested, and released to users within 48 hours of first notification about the vulnerability.
See the release notes for more details. User should soon be prompted to upgrade but can also can by going to the Help the Menu and selecting Check For Updates…