Mozilla fixes critical Firefox flaws

Mozilla is urging all Firefox users to upgrade to the latest version

Mozilla has announced a number of fixes for its Firefox browser, warning that four of the flaws are critical.

The advisory also contained two fixes with a 'High' rating, two listed as 'Moderate', and four minor vulnerabilities. Some of the issues are so severe that firms are being urged to automatically, or if necessary, manually update all their users to the newest version of the browser.

One of the fixes is for corrupted memory code that could be exploited to run arbitrary code. A problem with the way that JavaScript might be exploited within mail applications has also been discovered.

"We strongly discourage users from running JavaScript in mail," Mozilla advised in response to the flaw. "Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript such as large images."

The advisory recommends that JavaScript be disabled until a version containing these fixes is available.

Other issues relate to compatibility problems with emerging technologies from rival firms. "Some web pages (such as mlb.com) do not properly detect if Silverlight is installed and will not function properly," the advisory warns.

Mozilla is expected to launch a full, new version of the browser later this week. Firefox 3.0.9 is now available for Windows, Mac, and Linux users as a free download from getfirefox.com.