Mozilla has released a new version of its Firefox browser that plugs nine security holes, four of which are rated "critical," the foundation's highest vulnerability level.

Version 3.0.11 squashes a javascript chrome privilege escalation bug, which Mozilla said allows attackers to execute malware on the computers of end users. Exploits would work by manipulating chrome privileged objects, such as a browser sidebar.

Mozilla said some of same bugs have been fixed in version 2.0.0.22 of Thunderbird, but at time of writing, the most current version of the email application was 2.0.0.21. We wouldn't be surprised if an update was released soon.

As usual, the update will be pushed directly to Firefox users and requires only a simple restart of the browser to be installed. If only all software updates were that easy. ®

Related stories

• Mozilla Store shuttered after vendor security breach (5 August 2009)
• Firefox laggards offered security update (22 July 2009)
• Researcher raids browser history for webmail login tokens (20 July 2009)
• Mozilla downplays risk from unpatched flaw (20 July 2009)
• Firefox update fixes zero-day JavaScript flaw (17 July 2009)
• Updated Unpatched Firefox flaw lets fox into henhouse (14 July 2009)
• Chrome update plugs hush-hush browser hole (24 June 2009)
• MS names ship date for free security suite (19 June 2009)
• Chrome update completes busy browser patch week (12 June 2009)
• Firefox users flip out over sneak MS add-on (1 June 2009)
• Adobe convenes 'Come to Jesus' meeting for buggy Reader app (20 May 2009)
• Site schools world+dog in browsing history pilfering (8 May 2009)
• Safari, Opera browsers patch-shy, says study (6 May 2009)
• Firefox users caught in crossfire of warring add-ons (4 May 2009)
• Firefox update fixes pwn2own vuln (30 March 2009)