Mozilla released Firefox 3.6.2 late Monday to fix a critical security hole involving Web-based font technology.

"We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.6 you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting 'Check for Updates...' from the Help menu," Mozilla's director of Firefox, Mike Beltzner, said in a blog post.
With the vulnerability, an attacker could crash a person's browser and, worse, run arbitrary code on the person's machine, Mozilla said. Because it involves a technology called Web Open Font Format (WOFF) introduced in Firefox 3.6, it doesn't affect earlier versions.



Note: Firefox 3.5 users or users with No-script like me need not worry :-)