Mozilla: Patch Firefox now

Eight vulnerabilities in the popular open-source browser have been fixed, of which five were rated 'critical'

Firefox users have been urged to update their browser immediately after Mozilla, the organisation behind the popular browser, said it had fixed eight vulnerabilities in Firefox 2.0.

Mozilla said five of the eight vulnerabilities were 'critical', meaning an attacker could exploit the weaknesses to run malicious code on the compromised machine. Seven vulnerability updates have been issued for the previous version of Firefox, version 1.5, of which five are rated as critical. Mozilla also urged users of its Thunderbird email application to download several security updates.

The updated version was made available on Tuesday evening. It can be downloaded from Mozilla's website. Firefox users who have set their browser to receive automatic updates will be notified or sent the update, depending on their preferences.

The updates to Firefox 2.0 are the first since its release in late October. They cover flaws in memory corruption, and the way the browser executes RSS, Javascript and CSS code.

Version 1.5 has already seen a whole raft of updates, including the patching of other critical vulnerabilities in November.

According to Mozilla developers, the Firefox updates will work with Vista, which was released to businesses three weeks ago.

Security research organisation Secunia rated the Mozilla flaws as 'highly critical' and described the threats in detail on its site.

Tristan Nitot, president of Mozilla Europe, confirmed that Mozilla plans to drop support for Firefox 1.5 on 24 April, 2007, not October 2007 as previously reported. "We are consistent with our approach, which is to support a version, in this case 1.5.0.x, for six months after the following version, in this case Firefox 2," Nitot said.