The Mozilla Foundation has released new versions of the Firefox web browser and other software to address several remotely exploitable vulnerabilities.
A total of nine vulnerabilities have been patched in Firefox 35, Mozilla said in its security advisory for January 2015.
Of these, four are categorised as critical, which Mozilla said means they can be used to run attacker code and install software, without user interaction beyond normal web browsing - a so-called drive-by attack.
Users and administrators are encouraged to update to the latest version 35 of Firefox and 31.4 of Firefox Extended Support Release. The United States government Computer Emergency Readiness Team (CERT) warned that exploitation of the vulnerabilities could allow remote attackers to take control of affected systems.
The SeaMonkey all-in-one internet application suite and Thunderbird email, messaging and calendaring program, both of which use Firefox code, have also been patched by Mozilla.
While Google Chrome has overtaken Firefox in the popularity stakes in recent years, the open source web browser still holds around 12 percent of the worldwide market, according to analyst firm NetMarketShare.