Firefox update fixes bug brace
Booby trap link bug defused
Mozilla has pushed out a new version of Firefox that fixes a brace of security bugs, barely a fortnight after its last update.
Firefox version 220.127.116.11 addresses a critical vulnerability that means unescaped URIs (uniform resource identifiers) are passed to external programs. The serious security flaw, discovered by security researchers last week, created a means for hackers to install malware on a Windows PC simply by convincing potential marks to click on a doctored link.
The update also fixes a less serious privilege escalation vulnerability involving Firefox add-ons.
The release - available in Mac, Windows, and Linux flavours - will be automatically pushed out to users within the next two days. Mozilla's release notes can be found here.
Users of Thunderbird, Firefox's email client, and Mozilla's SeaMonkey suite also need to upgrade as a result of the same bugs to versions 18.104.22.168 and 1.1.4, respectively.
The update is the second from Mozilla in two weeks. Firefox version 22.214.171.124, the previous update, fixed a number of memory corruption and privilege escalation flaws, including a high-profile bug involving launching Firefox from Internet Explorer. ®