Firefox and Chrome get security updates

Mozilla and Google have released security updates for their respective Firefox and Chrome web browsers.

The Firefox update includes fixes for nine security flaws, including five remote code execution vulnerabilities. If exploited, such flaws can allow attackers to remotely install malware on a targeted system without user notification.

The update also addresses two information disclosure vulnerabilities that could be used by an attacker to perform cross-site scripting attacks. The remaining patches cover secure key exchange and SSL protocols.

The Chrome update, meanwhile, patches 10 flaws in multiple versions of the browser, including two unique to the Linux version.

Just one of the flaws is rated 'critical', and concerns a crash triggered by a flaw in the AutoFill component.

Five of the vulnerabilities, including one of the Linux-only flaws, are rated as 'high' risk. Two were credited to third-party researchers who were awarded $500 (£315) under the company's paid disclosure programme.

Two of the remaining four vulnerabilities are classified as 'medium' risk, and two as 'low' risk.

The US Computer Emergency Response Team is advising users and administrators to review the updates and install any necessary patches.