Firefox is vulnerable to arbitrary code execution. An integer underflow flaw was found in the way Firefox handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
www.debian.org/security/2011/dsa-2312
www.debian.org/security/2011/dsa-2313
www.debian.org/security/2011/dsa-2317
www.mandriva.com/security/advisories?name=MDVSA-2011:139
www.mandriva.com/security/advisories?name=MDVSA-2011:140
www.mandriva.com/security/advisories?name=MDVSA-2011:141
www.mozilla.org/security/announce/2011/mfsa2011-37.html
www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23
www.redhat.com/support/errata/RHSA-2011-1341.html
access.redhat.com/errata/RHSA-2011:1341
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=684815
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012