The most serious flaw appears to involve a JavaScript privilege escalation problem, according to the SANS Internet Storm Center. This could force the browser to run malicious scripts that could lead to cross-site scripting or arbitrary code execution.
Storm Center handler Raul Siles wrote on the group's blog that users should consider running the open-source NoScript extension, offered by InformAction, to protect against attacks.
The other critical bug that was patched relates to a memory corruption error.
Mozilla also released version 1.1.9 of internet suite SeaMonkey and version 2.0.0.13 of email client Thunderbird.
See original article on scmagazineus.com