The open-source Mozilla group has shipped a highly critical Firefox update to patch 13 vulnerabilities that expose Windows and Mac users to hacker attacks.
Some of the vulnerabilities could be exploited to launch drive-by malware downloads or code execution attacks if a user simply surfs to a rigged Web page.
One of the vulnerabilities is a re-patch for an issue that Mozilla initially thought was fixed back in March.
According to Mozilla, 11 of the 13 vulnerabilities are rated "critical," meaning that they can be used to run attacker code and install software, "requiring no user interaction beyond normal browsing."
In addition to remote code execution attacks, some of the flaws covered in this patch batch could lead to cross-site scripting, Java security bypass and denial-of-service attacks.
The vulnerabilities affect both Firefox 3.5 and 3.6. The patch is being delivered via the browser's automatic update mechanism.
Here's a quick glimpse of the advisories:
MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page