Mozilla has rushed out updates to plug a few critical holes in versions 2 and 3 of its popular open source Firefox browser.
Firefox 3.0.5 fixes three critical security flaws in the browser, while 18.104.22.168 stitches four critical vulns.
The bugs in the browser could have been “used to run attacker code and install software, requiring no user interaction beyond normal browsing,” said Mozilla.
It also once again urged users to upgrade from Firefox 2.0 because version 22.214.171.124 is the final release of updates for the browser.
The company “is not planning any further security and stability updates for Firefox 2, and recommends that you upgrade to Firefox 3 as soon as possible”.
It added that Mozilla’s “Phishing Protection” service would no longer be available in Firefox 2. In other words, it won’t be supporting the browser against future online scams and attacks.
Mozilla’s security updates today follow on from Microsoft having to push out an emergency security patch for Internet Explorer on Wednesday, addressing a critical security hole currently being exploited in the wild.
The latest zero-day vulnerability stems from data binding bugs that allows hackers access to a computer's memory space, allowing attackers to remotely execute malicious code as IE crashes, said a red-faced Microsoft yesterday. ®