I haven't gone into it much, but I think that script execution may be not necessary.

It's the level of defect that I don't hold back from complaining about in Microsoft products - JPEGs that turn yourycomputer evil? E-mail that infects as soon as you receive it... and a web page font that does the dirty on you as soon as you open a web page.

So I have to reproach it in Firefox as well. Bad font data must NOT lead to malicious activity.

Still, fixed quite quickly, given that mister security researcher apparently chose to play silly buggers on Mozilla.

Just guessing here but i`m thinking the exploit would need to run a script first?
I run the NoScript addon with firefox and i dont allow any scripts to run unless on websites i know and trust.This is the main reason i use firefox really and i have had no problems for years.

Do you mean the 3.6.2 beta release? That's not a patch surely? And beta is risky too. (Officially.)

However, there now seems to be a final 3.6.2 release.

I suppose this itself counts as a "manual install" if you normally just use the version that came with your last Linux distro.

Is that what you meant?

The Firefox geeks who keep attacking IE seem to forget their beloved browser does have more bugs than IE and last year had more than all the other browsers combined!

Hmmmm....Exploits are found in all browsers. Going by the logic of the German Government, the only browser fit for usage would be...Lynx:).

Government advisories on computer browsers? What kind of nanny state do you run over there?

Well they would, wouldn't they.

If this was IE, there'd be murder on here by the fanboys. But because it's Firefox, it's OK really. Nothing to make a fuss about, eh?