Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable Javascript until the issue is patched, though addons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised)

http://tech.slashdot.org/story/09/07/19/169206/New-Firefox-Vulnerability-Revealed

Disabling Javascript shouldn't have to be an answer to the problem, because many websites use both Java and Flash.

Where is Mozilla going wrong? Luckily for me, I decided not to upgrade after downgrading from 3.5.0.

I'm using 3.0.11 with no fail, it's funny how the older versions of FireFox aren't targeted by anything.

Any news on whether it affects Vista users with UAC enabled?

I believe I am still on Firefox 3.5.0, I should upgrade it as soon as possible. :/