Firefox users need to upgrade their browsers following the discovery of multiple security vulnerabilities.

The flaws affect both Firefox 1.x and the latest Firefox 2.0.x releases. Surfers need to upgrade to version 1.5.0.9 or 2.0.0.1 of the browser, respectively. Users also need to upgrade to a new version of the Mozilla email client, Thunderbird 1.5.0.9, for similar reasons.

The nine security bugs (reported by various security researchers) create a means for hackers to swipe sensitive information, run cross-site scripting attacks, or gain control of vulnerable systems, security notification firm Secunia reports.

The bugs involve flaws in Firefox's JavaScript engine, the feed preview feature of Firefox 2.0, Scalable Vector Graphics (SVG) processing code, and various buffer overflow flaws in other components of the browser software, as explained in greater detail here. ®

Related stories

• Firefox lances IE bug (18 July 2007)
• Thunderbird 2 is go (19 April 2007)
• Mozilla patches faulty patch (7 March 2007)
• Firefox fix lances memory corruption bug (26 February 2007)
• Firefox hands out cookies from strangers (15 February 2007)
• Updated IE and Firefox cough up hard drive contents (13 February 2007)
• Firefox popup exploit allows file snooping (7 February 2007)
• Review Firefox 2.0: happier browsing, but secure? (30 January 2007)
• IE and Firefox blighted by fake login flaw (23 November 2006)
• Firefox outshines IE in phish fight (15 November 2006)
• Updated Microsoft unleashes improved Firefox (14 November 2006)
• Firefox update aims to lance security bugs (9 November 2006)
• Attackers end-run around IE security (8 November 2006)
• Old bugs blight shiny new browsers (30 October 2006)
• Mozilla brainstorms Firefox 3.0 (16 October 2006)
• Update Firefox JavaScript risk downplayed (3 October 2006)
• Mozilla security takes axe to redundant code (15 September 2006)