Mozilla published a new version of its Firefox web browser on Tuesday that fixes five security vulnerabilities, two of which it rates as critical.

Firefox version 3.0.2 fixes a memory corruption bug and a separate critical bug involving privilege escalation and the XPCnativeWrapper component of the browser. Both create possible mechanisms for hackers to inject hostile code into vulnerable systems using rigged websites, or perform similar tricks.

The updates also fix three lesser flaws - two of which are rated as moderate and one of which earns a low risk rating.

All five flaws are explained in Mozilla's release notes here and there's additional commentary from the good folk of the Internet Storm Centre here. ®

Related stories

• Firefox update fixes four critical flaws (13 November 2008)
• Firefox hits 20% share as testers tickle 'pr0n mode' (5 November 2008)
• Mozilla bets big with new R&D group (14 October 2008)
• Firefox update fixes international character password glitch (29 September 2008)
• Mozilla security chief: Apple should open up (15 September 2008)
• Internet Explorer - now with 35% less FAIL (29 August 2008)
• That password-protected site of yours - it ain't (22 August 2008)
• Mac users urged to ditch Safari (5 August 2008)
• Firefox sweeps away carpet bombing bug (17 July 2008)
• Mozilla insists Firefox 3.1 won't hit bum note for developers (14 July 2008)
• Mozilla develops browser security metrics (8 July 2008)
• Opera update fixes stability bugs (4 July 2008)
• Firefox 3 makes up world record to set world record (3 July 2008)
• Bugs casts shadow over Firefox 3 (19 June 2008)