Mozilla rolled out Firefox 29 on Tuesday, a huge overhaul that addresses 15 security vulnerabilities, six of which are deemed critical, meaning the bug could be used to run attack code and install software with no user interaction aside from normal browsing.

The critical vulnerabilities included three use-after-free bugs in nsHostResolve, imgLoader, and Text Track Manager for HTML video; a privilege escalation issue through Web Notification API, and two memory safety flaws in the browser engine and other Mozilla-based products, an advisory from the company said.

Of note, the memory safety bugs (CVE-2014-1518 and CVE-2014-1519) could allow remote attackers to launch denial-of-service attacks against users, or execute arbitrary code through “unknown vectors,” the company warned.