The open-source group has rolled out the final security fix for the Firefox 2 branch and a new version of Firefox 3 to plug about a dozen security holes that could lead to remote code execution attacks, browser crashes and information disclosure issues.
In all, Mozilla released eight different bulletins with details on the security flaws. Three of the bulletins carry a "critical" label, meaning they can be exploited "to run attacker code and install software, requiring no user interaction beyond normal browsing."
One of the bulletins carries a "high severity" rating, meaning it can be used by hackers "to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions."
The details:
Some of the bugs affect only Firefox 3, so it is important for all Firefox users to apply the update, which is released via the browser's automatic patching mechanism.
As I previously reported, Mozilla is not planning any more security and stability updates for Firefox 2. If you are still on the old version, also note that the Google-powered anti-phishing protection will no longer be available for Firefox 2 users.
* Image source: _sarchi's Flickr photostream (Creative Commons 2.0)