Mozilla has released fixes for five security holes in older versions of Firefox, while a security company has warned of a zero-day flaw in the latest version of the popular browser.
Mozilla issued patches Wednesday for versions 3.5.8 and 3.0.18 of the browser, sending out fixes for the latter even though it had said it would stop supporting Firefox 3.0 in January. In its security bulletin, the company said the vulnerabilities had previously been resolved in Firefox 3.6, which was launched on January 21. The five flaws addressed by Mozilla included three the company rated "critical." Those three flaws involve an error in handling out-of-memory conditions; stability errors in the Gecko rendering engine; and a bug in the way Mozilla's implementation of Web Worker handles posted messages.
Separately, Secunia reported Thursday an unpatched bug in Firefox 3.6, the most recent version of the browser. The security firm warned that the software contains a bug that could be used to execute malicious code on a user's system.
Read more of "Firefox suffers critical bugs" at ZDNet UK.