Mozilla has released a security and stability update for Firefox 3.x users.
Using this vulnerability, an attacker could cause a chrome privileged object, such as the browser sidebar or the Feed Writer, to interact with web content in such a way that attacker controlled code may be executed with the object's chrome privileges.
Another fix is for the arbitrary code execution using event listeners attached to an element whose owner document is null. With this, the owner document of an element can become null after garbage collection.
Also a vulnerability that crashes with evidence of memory corruption has been fixed, after some crashes showed evidence of memory corruption under certain circumstances. Mozilla presumed that with enough effort, at least some of these could be exploited to run arbitrary code.
Mozilla strongly recommended that all Firefox users upgrade to this latest release.