On Wednesday, Mozilla issued patches for versions 3.5.8 and 3.0.18 of the browser, sending out fixes for the latter even though it had said it would stop supporting Firefox 3.0 in January.
In its security bulletin, the company said the vulnerabilities had previously been resolved in Firefox 3.6, which was launched on 21 January.
The five flaws addressed by Mozilla included three the company rated 'critical'. These three flaws involve an error in handling out-of-memory conditions; stability errors in the Gecko rendering engine; and a bug in the way Mozilla's implementation of web workers handles posted messages, Mozilla said. Web workers are used to carry out scripting tasks in a way that reduces the processing load on the user interface.