Last Monday, Mozilla released Firefox 3.6.2 to address a critical security hole involving Web-based font technology.
In a blog post, Mozilla Developer News announced that the browser had been released ahead of schedule and is now available for download for Windows, Mac and Linux. It also strongly recommended the upgrade.
The security hole was reported by Evgeny Legerov of Intevydis. According to his report, the WOFF decoder contained an integer overflow in a font decompression routine. This could lead to too small a memory buffer being allocated to store a downloadable font. An attacker could use this to crash a victim's browser and, worse, to run arbitrary code on the machine.
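The bug class described above, as an added illustration in C (not Mozilla's code and not taken from the report): a 32-bit size computation over declared table lengths that wraps, next to a checked version that fails closed. The struct, the function names, the 32 MiB cap and the sample values are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical directory entry: size a table claims to have once decompressed. */
struct table_entry { uint32_t orig_length; };

#define MAX_FONT_BYTES (32u * 1024u * 1024u)   /* assumed policy cap, not from the page */

/* Constructed sample inputs. */
static const struct table_entry benign[]  = { {10u}, {20u} };
static const struct table_entry hostile[] = { {0x80000000u}, {0x80000010u} };

/* Unchecked: 32-bit arithmetic wraps, so huge declared lengths give a tiny total. */
uint32_t total_size_unchecked(const struct table_entry *t, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += (t[i].orig_length + 3u) & ~3u;   /* pad to 4 bytes; may wrap */
    return total;
}

/* Checked: fail closed before any addition can wrap or exceed the cap. */
bool total_size_checked(const struct table_entry *t, size_t n,
                        uint32_t max_total, uint32_t *out)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t len = t[i].orig_length;
        if (len > UINT32_MAX - 3u)
            return false;                         /* padding itself would wrap */
        uint32_t padded = (len + 3u) & ~3u;
        if (padded > max_total - total)
            return false;                         /* running sum would pass the cap */
        total += padded;
    }
    *out = total;
    return true;
}

int main(void)
{
    uint32_t size = 0;
    printf("unchecked, hostile: %u bytes\n", (unsigned)total_size_unchecked(hostile, 2));
    printf("checked, hostile:   %s\n", total_size_checked(hostile, 2, MAX_FONT_BYTES, &size) ? "accepted" : "rejected");
    printf("checked, benign:    %s\n", total_size_checked(benign, 2, MAX_FONT_BYTES, &size) ? "accepted" : "rejected");
    return 0;
}
```

For the constructed hostile input the unchecked total comes out as 16 bytes, which is the undersized allocation the paragraph describes; the checked version rejects the file before anything is allocated.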
Users of earlier versions of Firefox need not worry about this problem: WOFF was introduced in version 3.6, so earlier versions are not affected.