Firefox has been updated to version 3.5.1 to fix a number of security and stability issues according to the release notes. However one of those issues was apparently self inflicted. However security issue in question was “self inflicted”:
“Looking at the exploit code and our test cases, I think this is self-inflicted and we should have hidden the bug earlier,” argued Andreas Gal on Bugzilla. Gal is a project scientist at the University of California, Irvine, where the technique called “trace trees” was developed. Firefox 3.5’s TraceMonkey engine is based on that technique, and builds on code and ideas shared with the open-source Tamarin Tracing project.
Another contributor agreed. “It would seem that the Milw0rm exploit code is based on the test cases for this bug,” said someone identified only as “WD” in the same Bugzilla thread. “When you look at the crash details in a debugger, it’s pretty clear that it’s exploitable with a heap spray to the access violation address in question.”
At least they fixed it quickly after taking responsibility for the issue. That’s refreshing. I highly recommend that you update to this release now if you’re Firefox user.