Various analysts and sites have recently confirmed that a vulnerability is present in Firefox 3.5.1 and that exploit PoC has been released for it. When exploited, the vulnerability can lead to system compromise or induce a DoS. No patch is available.
Interestingly, the SecurityFocus BID for this says it’s FF 3.5, but the ISC SANS post above does say 3.5.1 (and they do know what they’re talking about). There is also a CVE number allocated to it, but I’m having problems reaching that at present to check what it says. One possible explanation is that Mozilla pushed out 3.5.1 to fix the 3.5 0day that appeared recently, but this bug was found beforehand and Mozilla weren’t aware of it prior to releasing 3.5.1 (or they thought it was more important to get the other fix out whilst they worked on this).
This is a browser out-of-memory crash. There is no evidence that this is exploitable, while all evidence points to it not being exploitable. Pretty much all browsers crash from this, but that doesn’t mean that it’s a security issue.
Thanks for the pointer, Asa. ISC SANS have posted an update on this issue too, as well as a link to the relevant posting on the Mozilla Blog.