Mozilla upgrades Firefox 3.5 to fix bug

Mozilla has released a new version of its Firefox web browser to fix a critical vulnerability that was found last week.

The bug in Firefox 3.5's Just-in-time (JIT) JavaScript compiler, if exploited, could allow an attacker to remotely execute code on a targeted system, the firm said.

Mozilla also warned that a working exploit had been publicly released, increasing the risk of attacks occurring in the wild.

Mozilla announced yesterday that Firefox 3.5.1 is available for Windows, Mac and Linux users as a free download from Firefox.com.

"We strongly recommend that all Firefox 3.5 users upgrade to this latest release," wrote Firefox director Mike Beltzner in a blog posting.

"If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting 'Check for Updates' from the Help menu."

Beltzner also urged those using Firefox 2.0.0.x to upgrade to 3.5 because this version is no longer supported and contains known security vulnerabilities.