Mozilla has released five critical security fixes that could be exploited by hackers to mount remote code execution attacks.
The latest Firefox 30 update is available now and includes seven security fixes. Mozilla recommended installing the update as soon as possible, warning that the critical vulnerabilities could be exploited by hackers to “run attacker code and install software, requiring no user interaction beyond normal browsing”.
The two ‘high’ rated vulnerabilities are also listed as being potentially dangerous, as they could be used “to gather sensitive data from other sites the user is visiting or inject data or code into those sites, requiring no more than normal browsing actions”.
Firefox 30 is a relatively minor update beyond the security fixes. The only notable change is the addition of a sidebar button to quickly access social and bookmarked sites.
Mozilla is one of several companies forced to issue browser security fixes this week. Microsoft released a staggering 59 security fixes for various versions of Internet Explorer in its latest Patch Tuesday update.
The update included critical fixes for IE 6, 7, 8, 9, 10 and 11 as well as important updates for affected versions of the browser running in Windows Server.
One of the fixes covers a publicly disclosed vulnerability that Microsoft was first made aware of in November 2013 by the Zero Day Initiative.
The reason Microsoft took so long to release a patch remains unknown, although there is currently no evidence to suggest that it was actively exploited by hackers.