The Mozilla Foundation just released Firefox 3.6.4 which fixes overall 7 security vulnerabilities of which 4 are rated critical. This means that attackers may abuse the vulnerabilities to inject malware. An interesting new feature in this version is the plugin separation (Out-of-Process-Plugins, OOPP): If a plugin like QuickTime, Flash Player, Microsoft Silverlight (these three are supported in the first implementation) or similar crashes, only the plugin vanishes – the browser and the opened tabs stay intact.
Also, for Firefox 3.5 there is a security fix, version 3.5.10. It closes 9 security holes of which 6 earned the critical rating. As a side note, support for Firefox 3.5 is ending in 2 months, so an upgrade to Firefox 3.6 is due.
Users of the Opera web browser should install the version 10.54 as soon as possible, too. According to the changelog, it fixes 5 security vulnerabilities – 2 of those being quite severe, while one security hole can be abused to exploit a vulnerability in the Windows Operating System. Details of the vulnerabilities are missing, but the changelog states that they will follow later on.