"Mozilla has rushed out updates to plug a few critical holes in versions 2 and 3 of its popular open source Firefox browser.
Firefox 3.0.5 fixes three critical security flaws in the browser, while 18.104.22.168 stitches four critical vulns.
The bugs in the browser could have been “used to run attacker code and install software, requiring no user interaction beyond normal browsing,” said Mozilla.
It also once again urged users to upgrade from Firefox 2.0 because version 22.214.171.124 is the final release of updates for the browser."
The following issues were addressed according to the Security Advisories page for firefox.
XSS vulnerabilities in SessionStore
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-63 User tracking via XUL persist attribute
MFSA 2008-60 Crashes with evidence of memory corruption (rv:126.96.36.199/188.8.131.52)
Read more: http://www.theregister.co.uk/2008/12/17/mozilla_3_0_5_and_2_0_0_1_9_updates/
Firefox Security Fix Information: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.5