Mozilla has released a new version of its flagship Firefox browser to fix 10 vulnerabilities that put Web surfers at risk of code execution attacks. The Firefox 3.5.3 update available for Windows, Mac and Linux users patches security holes that could allow drive-by download attacks if a user simply surfs to a booby-trapped Web site. The open-source group released four bulletins three rated critical to explain the issues: The BrowserFeedWriter could be leveraged to run JavaScript code from web content with elevated privileges.
Source: https://threatpost.com/mozilla-plugs-drive-download-holes-firefox-091109/72230/