The most serious bugs in Firefox could let an outsider commandeer a vulnerable computer, according to the Burning Edge, a Web site that tracks development of the open-source browser.
The vulnerabilities are fixed in version 220.127.116.11, which was released Thursday. It will be pushed out to users of Firefox 1.5 over the next two days, Mozilla, the company that oversees Firefox development, said on its Web site.
The update fixes seven vulnerabilities, Mozilla said on its Web site. Five of those are "critical," the company said. This means the flaw could be used to run malicious code and install software, requiring no user interaction beyond normal browsing, Mozilla said. Another flaw is considered to be "high" risk, which means it could be exploited to steal data. The final flaw is of "moderate risk," Mozilla said.
While Mozilla identifies seven flaws as being fixed in the new Firefox release, security monitoring company Secunia lists 21 bug fixes in the browser update. Secunia deems the issues "highly critical," one notch below its most serious ranking.
"We're identifying this as a critical release, and we're strongly recommending that everyone update as soon as possible," Mike Schroepfer, vice president of engineering at Mozilla, said in a statement. "This is one of the most stable releases we have ever delivered. It proactively addresses a wide range of security, performance and stability issues we have identified, using the very latest tools and techniques," he said.
Mozilla recommends that Firefox 1.0 users upgrade to this latest release of Firefox 1.5, it said on its Web site. The 1.5 version includes an automated update mechanism to help people keep their systems up-to-date.
The Firefox update comes two days after Microsoft released an update for the rival Internet Explorer browser, fixing 10 vulnerabilities.
In addition to security patches, Firefox includes some stability enhancements and, as expected, includes native support for. Apple released the first Macs with those chips in January, and Mozilla originally said it had scheduled .