Mozilla yesterday released updates for its Firefox Web browser to shore up vulnerabilities in the 3.5.x and 3.0.x browser versions.
Three critical flaws (MSFA 2010-01, 2010-02 and 2010-03) all involve memory-related errors that could potentially allow an attacker to run any command on a victim PC. According to the advisories, the holes are already fixed in the recently released Firefox 3.6.
The patches also fix two other flaws that could lead to cross-site scripting attacks, but are only rated moderate (MSFA 2010-04 and 2010-05).
The updates are available for Windows, Mac and Linux, and will bump up the browser versions to 3.5.8 or 3.0.18. If you haven’t already seen the automatic update pop-up, head to Help | Check for Updates to get the patch.