Firefox 3.0.4 is out fixing some 'neat' flaws
From the "weird and wacky ways browser can be exploited" files:
As I noted last week Firefox 3.0.4 is out now (technically late yesterday) fixing at least 9 security fixes four of which are labeled as "critical".
Mozilla also provides a fix for a flaw that could have enabled an attacker to steal user information from local shortcut files. Shortcut files?! Really? Mozilla only labels this flaw as "moderate" since they view it as being a little complex to execute. The way the attack would work is that .url shortcut files could potentially be used to read local cache information if the user downloaded both an HTML file and a .url shortcut.
As part of the update Mozilla is also updating Firefox 2.x to 18.104.22.168 though it's clear that the Firefox 2.x's days are numbered. With Firefox 3.1 around the corner (the Beta 2 release is likely next week now with a test day scheduled for Friday), it will soon be time for Firefox 3.x users to upgrade too.