Mozilla has patched eight flaws in its Firefox web browser with a new security release.
Three of the eight flaws patched were labelled by Mozilla as 'critical'. Two of them could allow an attacker to execute a cross-site scripting attack, in which scripts or commands from one web application that shouldn't run in another are successfully executed.
The third problem relates to Firefox's browser engine, and could make it crash or possibly allow someone to remotely execute code on a PC, Mozilla said in its advisory.
Mozilla defines a critical vulnerability as one that could allow an attacker to run code on a machine in the course of normal web browsing.
The patches are for Firefox version numbers 3.04 and 18.104.22.168. Mozilla has said this round of patches will be the last for Firefox 2, which it will now stop supporting. The update also removes the phishing filter in Firefox 2 because the browser uses an outdated version of a protocol used to import a blocklist of phishing sites supplied by Google. Mozilla is also prompting Firefox 2 users to upgrade to Firefox 3.
Firefox's auto-update mechanism should automatically download these latest patches, and users will be prompted to restart the browser to complete the process.