Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.

1) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.

2) An integer overflow error in a base64 decoding function can be exploited to corrupt memory and potentially execute arbitrary code.

3) An error in the handling of multiple RDF files in a XUL tree element can be exploited to corrupt memory and potentially execute arbitrary code.

4) An error exists in the construction of documents, which can result in double copies of certain elements within this document.

5) An error in the handling of frames can be exploited to cause a memory corruption and potentially execute arbitrary code.

6) Multiple errors in the Javascript engine can be exploited to corrupt memory and potentially execute arbitrary code.

7) An error in the handling of Flash objects when navigating to another page can potentially be exploited to trigger a call to a deleted object and potentially execute arbitrary code.

8) Multiple vulnerabilities in various font glyph rendering libraries can be exploited by malicious people to compromise a user's system.

For more information:
SA35021

9) An error in the handling of SVG elements on which a watch function and __defineSetter__ function have been set for a certain property can be exploited to cause a memory corruption and execute arbitrary code.

10) An error when setTimeout() is invoked with certain object parameters can result in the object loosing its wrapper. This can potentially be exploited to execute arbitrary Javascript code with chrome privileges.

11) Various errors in the handling of wrappers for objects can potentially be exploited to access properties of such objects that have been set by a different site and e.g. conduct cross-site scripting attacks.

Solution
Update to version 3.0.12.

Provided and/or discovered by
The vendor credits:
1) Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay, and Blake Kaplan
2) monarch2020
3) Christophe Charron
4) Yongqian Li
5) John Senchak
6) Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book
7) Attila Suszter
8) Will Drewry
9) PenPal
10) Blake Kaplan
11) moz_bug_r_a4

Original Advisory
Mozilla Foundation:
http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
http://www.mozilla.org/security/announce/2009/mfsa2009-36.html
http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
http://www.mozilla.org/security/announce/2009/mfsa2009-40.html

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers