A vulnerability in the way Firefox 3.5 handles JavaScript has been rated “highly critical” by Secunia.  Instructions showing how to exploit this flaw have been posted online.  A workaround is available involving a simple edit to one entry in the “about:config” settings.  Details on the flaw and the fix can be found here.  For those of us who had been waiting to upgrade until the Norton Hot Fix was released, we might want to continue to delay just a while longer.