New versions of the Firefox browser and Mozilla suite of programs have been released, which deal with some vulnerabilities detected in the software packages. Three fixes are critical, and involve two cases of arbitrary code execution and one of privilege escalation.

In the first, an error in the support for "favicons" could allow a script to run with elevated privileges and install or run malicious software.

The second, specific to Firefox, allows malicious scripts to open a privileged page in the sidebar and then inject script that can be used to install malicious code or steal data.

The third bug appears to involve UI code executing user scripts in an inappropriately privileged fashion.


You can download the new Firefox here, and new mozilla here.