The Mozilla Foundation has released Firefox 3.6.2 to address multiple security issues in Firefox 3.6, including a critical vulnerability that may allow a remote attacker to execute arbitrary code.
WOFF heap corruption due to integer overflow, with critical impact:
The WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim's browser and execute arbitrary code on the victim's system.