Mozilla has pushed out a new version of Firefox that fixes a brace of security bugs, barely a fortnight after its last update.

Firefox version 2.0.0.6 addresses a critical vulnerability that means unescaped URIs (uniform resource identifiers) are passed to external programs. The serious security flaw, discovered by security researchers last week, created a means for hackers to install malware on a Windows PC simply by convincing potential marks to click on a doctored link.

The update also fixes a less serious privilege escalation vulnerability involving Firefox add-ons.

The release - available in Mac, Windows, and Linux flavours - will be automatically pushed out to users within the next two days. Mozilla's release notes can be found here.

Users of Thunderbird, Firefox's email client, and Mozilla's SeaMonkey suite also need to upgrade as a result of the same bugs to versions 2.0.0.6 and 1.1.4, respectively.

The update is the second from Mozilla in two weeks. Firefox version 2.0.0.5, the previous update, fixed a number of memory corruption and privilege escalation flaws, including a high-profile bug involving launching Firefox from Internet Explorer. ®

More comments…

Related stories

Minor Firefox update addresses stability glitches (2 November 2007)
Microsoft sics worldwide braintrust on XP vuln (26 October 2007)
Bad hair day for alternative browser users (19 October 2007)
Mozilla creates start-up to recruit email developers (18 September 2007)
Firefox leak could divulge sensitive info (13 August 2007)
Making open-source browsing safe for the masses (2 August 2007)
Zero-day security flaw leaves Firefox wide open (25 July 2007)
Firefox lances IE bug (18 July 2007)
Flaws galore in IE and Firefox (5 June 2007)
Insecure plug-ins pose danger to Firefox users (1 June 2007)
Mozilla patches faulty patch (7 March 2007)
IE 'unsafe' for 284 days last year (5 January 2007)