Mozilla has announced the release of Firefox 3.6.3 to address a critical security hole used as part of a winning exploit at Pwn2Own 2010. The update comes just over a week after the release of Firefox 3.6.2 which addressed a different critical flaw.
The memory corruption flaw, demonstrated by Nils of MWR Infosecurity at Pwn2Own 2010, is caused by moving DOM nodes between documents and triggering garbage collection at the right time, leaving an incorrectly retained node which would be used later. This, in turn, could be used to execute remotely injected code. Mozilla say the exploit only affects Firefox 3.6, but that it plans to patch Firefox 3.5 in a coming release "just in case there is an alternate way of triggering the bug".
Continued here: http://www.h-online.com/security/news/item/Firefox-3-6-3-closes-a-critical-hole-969805.html