The bugs are corrected in Firefox 126.96.36.199, Thunderbird 188.8.131.52 and SeaMonkey 1.0.6, but browser users are encouraged to upgrade to Firefox 2.0 because support for 1.5 ends in April.
The second flaw could allow for the forging of RSA digital signatures, according to Mozilla.
"Forging an RSA signature may allow an attacker to craft a TLS/SSL or email certificate that will not be detected as invalid," the US-CERT alert said. "This may allow that attacker to impersonate a website or email system that relies on certificates for authentication."
The third vulnerability is related to memory corruption and could lead to a system crash.
News of the bugs comes two weeks after Mozilla released its latest browser version, Firefox 2.0.
Like Microsoft's Internet Explorer 7, also released last month, Firefox 2.0's most significant security feature is new anti-phishing technology, Window Snyder, Mozilla's recently hired security chief, has told SCMagazine.com.
A less visible security feature rests in the browser's use of "sandboxing," which prevents untrusted - possibly malicious - code from interacting outside the context of a specific webpage, Snyder said.
Click here to email Dan Kaplan