There is a javascript vulnerability in v3.5. People need to update to v3.5.2 to be safe. That is in case it doesn't update automatically.
Also v3.5 came with the "Just In Time" javascript compiler turned off. To activate it:
Type about:config in the address bar.
click past the warning.
type jit into the filter bar.
Double Click javascript.options.jit.chrome to switch the value to true.
I don't know if v3.5.2. comes with it enabled or not. I did it on v3.5 and it carried over when it updated to v3.5.2. It might be worthwhile to check.