update Firefox users have been urged to update their browser immediately after Mozilla, the organisation behind the popular browser, said it had fixed eight vulnerabilities in Firefox 2.0.
Mozilla said five of the eight vulnerabilities were 'critical', meaning an attacker could exploit the weaknesses to run malicious code on the compromised machine. Seven vulnerability updates have been issued for the previous version of Firefox, version 1.5, of which five are rated as critical.
The updated version was made available on Tuesday evening. It can be downloaded from Mozilla's website. Firefox users who have set their browser to receive automatic updates will be notified or sent the update, depending on their preferences.
Mozilla also urged users of its Thunderbird email application to download several security updates. Mozilla advised people to forgo enabling JavaScript in Thunderbird and the mail portions of its Internet application suite SeaMonkey. Users are also urged to download SeaMonkey 1.0.7, which is undergoing its final paces of testing.
"Some of these (flaws) were crashes that showed evidence of memory corruption, and we presume that at least some of these could be exploited to run arbitrary code with enough effort," according to one of six-related "critical" Mozilla security advisories issued on Tuesday.
The updates to Firefox 2.0 are the first since its release in late October. They cover flaws in memory corruption, and the way the browser executes RSS, Javascript and CSS code.
Version 1.5 has already seen a whole raft of updates, including the patching of other critical vulnerabilities in November.
According to Mozilla developers, the Firefox updates will work with Vista, which was released to businesses three weeks ago.
Security research organisation Secunia rated the Mozilla flaws as 'highly critical' and described the threats in detail on its site.
Last month, Mozilla also issued "critical" security updates for Firefox, Thunderbird and SeaMonkey.
Tristan Nitot, president of Mozilla Europe, confirmed that Mozilla plans to drop support for Firefox 1.5 on 24 April, 2007, not October 2007 as previously reported. "We are consistent with our approach, which is to support a version, in this case 1.5.0.x, for six months after the following version, in this case Firefox 2," Nitot said.
Dawn Kawamoto from CNET News.com also contributed to this report.
The best browser ever :). Kudos to the firefox team for patching up vulnerabilities and maintaining the best browser.