Firefox users are being advised to update their browsers in the wake of new security patches from Mozilla.
The company this week issued updates for a pair of vulnerabilities in versions of Firefox prior to 3.5 which could allow attackers to steal personal data and remotely execute code.
The first of the two flaws lies in the handling of Secure Socket Layer (SSL) protocol and if exploited could allow an attacker to issue false security certificates and possibly steal user data. Discovery of the flaw was attributed to researchers Dan Kaminsky and Moxie Marlinspike.
The second of the two vulnerabilities, also discovered by Marlinspike, could allow for remote code execution. An attacker could exploit the flaw by using a specially-crafted certificate to cause a application crash and leave users vulnerable to further attacks.
Mozilla said that Firefox 3.5 was not believed to be vulnerable to either of the reported issues. Firefox 3.0 users are being advised to update to the 3.5 version of the browser.
The company issued an update for Firefox 3.5 in mid-July to fix an unrelated flaw in the browser's JavaScript component.
The new releases come just days after the company marked the one billionth download for the popular open source web browser.
_(22).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
