Mozilla has issued a security update Firefox to address five bugs in older versions of the browser, including three labelled as critical.
Users of Firefox 3.0.x and 3.5.x are being advised to upgrade to versions 3.0.18 and 3.5.8 respectively to protect against the vulnerabilities, three of which have been labelled critical and two moderate in Mozilla's four-step scoring system.
The latest version of the browser, Firefox 3.6, already had the patches on board when it launched last month.
The critical updates relate to instabilities in Firefox's Gecko rendering engine, a flaw in the HTML parser and a vulnerability in how Firefox uses web workers to move JavaScript tasks to the background.
According to Mozilla, its crash reports show that all three of the holes could potentially be used by hackers to inject malware onto the host computer.
"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory accompanying the update reads.
The two remaining flaws are less serious, potentially allowing an attacker to execute malicious JavaScript code.
The remaining two moderate bugs address holes that could be exploited in cross-site scripting attacks in JavaScript. Mozilla revealed that both had been reported by Microsoft just one day after the computing giant reported a critical flaw in Adobe's Reader and Acrobat software.
The Firefox 3.0.18 and 3.5.8 security updates are available for Windows, Mac OS X and Linux users, and can be downloaded from Mozilla or using Firefox's update system.
-
Google, Anthropic, and others pledge $915m for carbon removalNews Firms want to show researchers and investors that there's a significant market waiting for them
-
Cloudflare launches new partner initiative to support AI and SASE adoptionNews The vendor has unveiled a new partner designation alongside an AI-powered deployment toolkit designed to simplify security platform migrations
-
Spanish spyware outfit uncovered, develops exploits for Windows, Chrome, and FirefoxNews Google was only able to discover the company after an anonymous submission was made to its Chrome bug reporting programme
-
Firefox 95 boosts protection against zero-day attacksNews Mozilla's browser now takes a more granular approach to walling off code
-
Mozilla to end support for Firefox Lockwise password manager
News Replacement service already lined up as browser specialist continues to streamline business
-
Firefox available on Microsoft Store for first timeNews Gecko-based browser arrives after Microsoft removes restrictions
-
Mozilla to cut 250 jobs as part of major coronavirus restructureNews The reorganisation has been made so the company can become faster, more innovative, and find more revenue streams
-
Why I’m leading a browser double lifeOpinion There are benefits to using more than one browser
-
Mozilla re-hires veteran Mitchell Baker to serve as CEONews The interim chair and CEO formally rejoins the organisation after Chris Beard stepped down in December 2019
-
Mozilla fixes two Firefox zero-days being actively exploitedNews Critical vulnerabilities allow attackers to execute arbitrary code or trigger crashes
