Mozilla Firefox 3.6.9 / 3.5.12 Fixes Security Holes, Curtails 'Clickjacking'

Mozilla released the Firefox 3.6.9 / 3.5.12 browsers to close 10 critical security vulnerabilities in each and to help Web site operators block a risk called "clickjacking". In the new Firefox 3.5 and 3.6 releases, nine of the ten critical vulnerabilities are the same, but one problem on 3.5 is minor on 3.6, and one 3.6 problem didn't affect 3.5. In addition, several non-critical security vulnerabilities were patched.

"Firefox 3.6 also gets a new general approach to cut down browsing risks: support for what's called the "X-Frame-Options HTTP response header". Web site developers can use this technology to block browsers from showing their Web sites inside a frame--essentially a smaller window within the browser window. Putting a legitimate site inside a frame on a malicious site is one approach for clickjacking attacks, in which a malicious site can capture keystrokes such as usernames and passwords."

Mozilla also released a fifth Firefox 4 beta on Tuesday, adding support for some hardware acceleration on Windows, among other features.
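
One way a site operator could send the X-Frame-Options header described above, shown as an added example that is not code from Mozilla or from the original article: a small Python WSGI middleware that puts exactly one such header on every response. The names `FrameOptionsMiddleware`, `demo_app` and `response_headers` are hypothetical, and the sample application is constructed for the demonstration.

```python
from wsgiref.util import setup_testing_defaults

# The two widely supported policy values: never frame / frame only from same origin.
ALLOWED_POLICIES = {"DENY", "SAMEORIGIN"}


class FrameOptionsMiddleware:
    """Wrap a WSGI app so every response carries one X-Frame-Options header."""

    def __init__(self, app, policy="DENY"):
        policy = policy.strip().upper()
        if policy not in ALLOWED_POLICIES:
            # Refuse unknown values at start-up instead of shipping a header
            # that browsers would not enforce.
            raise ValueError("unsupported X-Frame-Options policy: %r" % policy)
        self.app = app
        self.policy = policy

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Drop any value set upstream (header names are case-insensitive)
            # so the response never carries two conflicting policies.
            kept = [(k, v) for k, v in headers if k.lower() != "x-frame-options"]
            kept.append(("X-Frame-Options", self.policy))
            return start_response(status, kept, exc_info)

        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    """Constructed sample app: a login page with a bogus upstream header value."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("x-frame-options", "ALLOWALL")])
    return [b"<form method='post'>login</form>"]


def response_headers(app):
    """Call a WSGI app once, offline, and return the headers it sent."""
    environ = {}
    setup_testing_defaults(environ)
    captured = []

    def start_response(status, headers, exc_info=None):
        captured.extend(headers)

    b"".join(app(environ, start_response))  # consume the body
    return captured
```

Wrapping the application once at the WSGI entry point covers every page, including error pages that individual views might forget.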