Increasingly popular web browser Mozilla Firefox has released its latest version, which corrects seven security bugs, including four critical vulnerabilities.
Vulnerability reporting firm Secunia said in an advisory today that the flaws can be exploited to conduct man-in-the-middle and cross-site scripting attacks, in addition to compromising a user's system.
Secunia said in an advisory today that the bundle of flaws - which it rated "highly critical" - can be exploited to conduct man-in-the-middle and cross-site scripting attacks, in addition to compromising a user's system.
A third critical flaw is related to errors that occur during text display. This hole can be exploited to corrupt memory and launch arbitrary code. Another is related to the verification of signatures bundled in the Network Security Services library
A fifth flaw can allow for arbitrary HTML and script coding across domains. Similarly, another vulnerability allows for coding when blocked pop-ups are opened. A final flaw is related to unspecified memory corruption that could lead to arbitrary code execution.
"Firefox 220.127.116.11 is a security and stability update that is part of our ongoing program to provide a safe internet experience for our customers," Mozilla said on its website. "We recommend that all users upgrade to the latest version."
A Mozilla representative could not be reached for comment.
Several researchers, including SANS experts in their latest Internet Security Vulnerabilities report, have said that as more users abandon Internet Explorer, hackers will turn their attention alternate web browsers, such as Firefox.
Users running Firefox 1.5 will receive an automatic update that a new version is available for download, the company said.
Click here to email Dan Kaplan.