For some reason, Legerov did not immediately provide Mozilla with details. Once he did, the flaw was fixed as part of Firefox 3.6.2 which has now been released about a week earlier than expected.
The vulnerability involved an integer overflow condition in the WOFF (Web Open Font Format) decoder that was new in version 1.9.2 of the Gecko engine and therefore affected Firefox 3.6 only, not other Mozilla programs.
Mozilla confirmed that the vulnerability could allow the execution of arbitrary code.
Firefox 3.6.2 also includes a long list of fixes for stability and other issues.
Windows and Mac OS X users can most easily get version 3.6.2 by using the Check for Updates command in Firefox 3.6. The complete program can be downloaded here.