Plone 3.3.4 is now available, and includes Zope 2.10.11, which fixes a potential XSS issue in the default error page in Zope. Although this is hard to exploit, since you have to manage to bypass the standard Plone error page — which does not have this issue — we strongly recommend that you upgrade your servers that are running any Zope version to their fixed releases available from zope.org. This applies no matter what version of Zope you are running.
This issue is fixed in the latest release of KSS, and should make Plone faster for your logged-in users that are using Firefox 3.5. Though the issue has also been fixed in Firefox 3.6, which ships tomorrow, we still recommend that you upgrade.