The Mozilla Foundation said last week it has patched several serious security flaws in the popular Firefox browser, bugs that also affect the SeaMonkey browser and the Thunderbird e-mail application.
The bugs could allow an attacker to take over a system, as well as less serious exploits such as spoofing or security bypass, Mozilla said. While browser bug patches, even for critical flaws, have become somewhat routine, the latest alert highlights the fact that Firefox no longer has as clear an advantage over Microsoft's Internet Explorer as it once did.
According to security firm Secunia, Firefox and IE 7 have been affected by a similar number of advisories so far this year, though IE has been hit by more serious bugs than Firefox.
In an advisory, Mozilla said the Firefox 220.127.116.11 and 18.104.22.168 update releases had fixed bugs that appeared to allow remote system access.
"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the company stated.
Also fixed were an error in the "addEventListener" method, which could be exploited to inject script from one site into another, and a bug in the handling of XUL pop-ups that could allow spoofing of the location bar or other browser interface components.
Secunia called the bugs "highly critical."
To date, Firefox has been affected by five vulnerabilities and IE 7 by six, according to Secunia's statistics.
Forty per cent of the Firefox bugs remain unpatched, compared with 50 per cent for IE 7. But only 13 per cent of the Firefox bugs allowed system access, compared to 43 per cent for IE 7, which is more closely integrated with Windows.
Correspondingly, Secunia ranked 17 per cent of the IE bugs as "extremely critical", a status attained by none of the Firefox advisories.
Forty per cent of the Firefox advisories were "highly critical", with the rest less serious. Along with IE 7's 17 per cent "extremely critical" bugs, 33 per cent were "highly critical" and the others were less serious.