Mozilla has released five critical security fixes for issues in its browser that could have been exploited by hackers to mount remote code execution attacks.
The latest Firefox 30 update is available now and includes seven security fixes. Mozilla recommended installing the update as soon as possible, warning that the critical vulnerabilities could be exploited by hackers to "run attacker code and install software, requiring no user interaction beyond normal browsing".
The two 'high' rated vulnerabilities are also listed as being potentially dangerous, as they could be used "to gather sensitive data from other sites the user is visiting or inject data or code into those sites, requiring no more than normal browsing actions".
Firefox 30 is a relatively minor update beyond the security fixes. The only notable change is the addition of a sidebar button to quickly access social and bookmarked sites.
Mozilla is one of several companies forced to issue browser security fixes this week. Microsoft released a staggering 59 security fixes for various versions of Internet Explorer in its latest Patch Tuesday update.
The update included critical fixes for IE 6, 7, 8, 9, 10 and 11 as well as important updates for affected versions of the browser running in Windows Server.
One of the fixes covers a publicly disclosed vulnerability that Microsoft was first made aware of in November 2013 by the Zero Day Initiative.
The reason Microsoft took so long to release a patch remains unknown, although there is currently no evidence to suggest that it was actively exploited by hackers.
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away