Hi bob3160,
What is the dangerous bit of these browser vulnerabilities, because there are many variations on a theme for the Mozarts of Malware is that these "still unpatched" vulnerabilities can be put into action with just a browser and ten fingers.
The majority of the vulnerabilities are considered critical, which Mozilla defines as vulnerabilities that "can be used to run attacker code and install software, requiring no user interaction beyond normal browsing."
Mozilla's update addresses the following problems:
Critical-Risk Vulnerabilities
* Security check of js_ValueToFunctionObject() can be circumvented
* Privilege escalation through Print Preview
* Privilege escalation using crypto.generateCRMFRequest
* CSS Letter-Spacing Heap Overflow Vulnerability
* Crashes with evidence of memory corruption (rv:1.8.0.2)
* Accessing XBL compilation scope via valueOf.call()
* Privilege escalation using a JavaScript function's cloned parent
* Mozilla Firefox Tag Order Vulnerability
* Privilege escalation via XBL.method.eval
* Crashes with evidence of memory corruption (rv:1.
* JavaScript garbage-collection hazard audit
But Privilege Escalation using add selection listener, File stealing by changing input (the one I went on about), HTTP response smuggling and a few others are still there.
Keep scripts at bay, and you browse more secure!
polonus