"The exploit portal Milw0rm has published an exploit
for Firefox 3.5. The exploit demonstrates a security vulnerability by
starting the Windows calculator. In testing by heise Security, the
exploit crashed Firefox under Vista, but security service providers
Secunia and VUPEN confirmed that attackers using prepared websites can
infect PCs. The cause of the problem is a buffer overflow when
processing specially prepared Font tags."
Read more: http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5–/news/113761
