Six of the 11 issues are in advisories rated "critical" because of the risk of code execution attacks that could allow hackers to take complete control of a compromised machine. Here's a snapshot of the critical issues:
Mozilla security researcher moz_bug_r_a4 reported a vulnerability which allows scripts from page content to run with elevated privileges. Using this vulnerability, an attacker could cause a chrome privileged object, such as the browser sidebar or the FeedWriter, to interact with web content in such a way that attacker controlled code may be executed with the object's chrome privileges.
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object
Jakob Balle and Carsten Eiram of Secunia Research reported a race condition in NPObjWrapper_NewResolve when accessing the properties of a NPObject, a wrapped JSObject. Balle and Eiram demonstrated that this condition could be reached by navigating away from a web page during the loading of a Java applet. Under such conditions the Java object would be destroyed but later called into resulting in a free memory read. It might be possible for an attacker to write to the freed memory before it is reused and run arbitrary code on the victim's computer.
MFSA 2009-24 Crashes with evidence of memory corruption
Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. There are three different CVEs attached to these crashes.
Firefox 3.0.11 is shipped via the browser's automatic update mechanism.