Security bugs in the open source Firefox browser and Thunderbird email application could let hackers take control of users’ computers, security experts have warned.
Figures released earlier this month showed that Firefox now accounts for 10% of the browser market.
The US computer emergency readiness team (Cert) warned that the Mozilla products contained a series of vulnerabilities relating to the way they handle website URLs or images.
“There are vulnerabilities in various features of the Mozilla web browser, Mozilla e-mail application, Firefox web browser, and Thunderbird e-mail application,” US-Cert said. Products based on Mozilla components, particularly the standards-based layout engine Gecko, could also be affected.
The security holes meant attackers could cause applications to crash or take control of a user’s computer by luring them to a malicious website or e-mail message, US-Cert warned.
It urged users to upgrade to the latest versions of the software, Firefox 220.127.116.11 and Thunderbird 18.104.22.168, which have been released to close the security holes.
The latest upgrade comes two months after the previous Firefox update, which fixed eight vulnerabilities, one of them rated critical.