Mozilla has released new Firefox security patches, and is advising users to update their browsers immediately.
The company issued updates for two vulnerabilities in versions of Firefox prior to 3.5 which could allow attackers to steal personal data and remotely execute code.
The first lies in the handling of the Secure Socket Layer protocol and could allow an attacker to issue false security certificates and possibly steal user data. Discovery of the flaw was attributed to researchers Dan Kaminsky and Moxie Marlinspike.
The second of the two vulnerabilities, discovered by Marlinspike, could allow remote code execution. An attacker could use a specially crafted certificate to cause an application crash and leave users vulnerable to further attacks.
Mozilla said that Firefox 3.5 is not believed to be vulnerable to either of the issues. Firefox 3.0 users are being advised to update to version 3.5.
The new releases come just days after the company marked the one billionth download for the popular open source web browser.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software