Firefox 3.5.6, the browser's first security update since late October, fixed five flaws rated critical by Mozilla, one tagged as high, three pegged as moderate, and one labelled as a low threat.
Firefox 3.0, which Mozilla will retire from security support next month, was also updated with the release of version 3.0.16. The older browser received seven patches, just two of them marked critical.
The disparity between the versions' patch counts was due to several that affected only the newer Firefox 3.5, including the two critical bugs in the code libraries, and two of the engine vulnerabilities.
The updates came just days before Mozilla is to release the fifth beta of Firefox 3.6, a minor update once set to ship before the end of the year, but that increasingly looks like it might straggle into 2010.
In fact, Mozilla sounded uncertain whether it would actually deliver Beta 5.
"Beta 5 builds are being tested by QA now, targeting a Thursday release unless we get to RC [Release Candidate] first," notes from a weekly status meeting stated.
"We are really, really close to being code-complete & only need 8 more patches, and a TraceMonkey merge. If we can go to build today or tomorrow, QA will scrap Beta 5 and we'll release RC to the beta audience ASAP."
Mozilla last updated Firefox 3.6 three weeks ago, when it issued Beta 4 .
According to web metrics company Net Applications, Firefox accounted for about 25 percent of all browsers used during the month of November.
Over the past week, however, Firefox's usage share slipped slightly as users turned instead to Google's Chrome, which reached beta status for Mac and Linux on December 8.
Firefox 3.5.6 and 3.0.16 can be downloaded now for Windows, Mac OS X and Linux from the Mozilla site.
Current Firefox users can instead call up the browsers' update tools, or wait for automatic update notifications to appear in the next 48 hours.