A "Highly Critical" vulnerability has been discovered in Firefox 3.5. The vulnerability is in the way Firefox handles JacaScript code. At this time there is not vendor patch but there is a band aid.
Mozilla Security Blog
John "Mike" Wright