Mozilla rushing out update for Firefox flaws

Mozilla is to release a "high-priority fire drill security" update for its Firefox browser, after two flaws were discovered.

The patches will be released either 30 March or April as part of the next edition of the browser, Firefox 3.0.8 which is being rushed out because of the flaws.

The vulnerabilities at issue are the Pwn2Own flaw discovered at CanSecWest, as well as the XSLT bug. Mozilla described both as critical issues that allow malicious code execution. "These issues can be exploited by tricking a user into visiting a malicious web page hosting the exploit code," Mozilla said on its security blog.

"Both issues have been investigated and fixes have been developed which are now undergoing quality assurance testing," Mozilla added.

Mozilla faces renewed competition from Microsoft with the recent release of Internet Explorer 8, but Firefox still came out tops in our four-way browser beta test.