Mozilla fixed a widely publicised security vulnerability in Firefox in its latest batch of patches.
The 18.104.22.168 update fixes a handful of memory corruption flaws that crash Firefox, and a cross-site request forgery flaw that could give attackers unauthorised access to certain websites.
But the most anticipated fix addresses a problem in the way Firefox processes files that are compressed using the .jar (Java Archive) format.
Firefox does not properly check .jar files, giving attackers a way to launch web-based cross-site-scripting attacks against Firefox users. The bug was reported in February and gained widespread attention in early November when security researchers showed how it could be used to run unauthorised code on vulnerable PCs.
The memory corruption bugs could also have led to more serious problems, Mozilla said. "We presume that with enough effort, at least some of these could be exploited to run arbitrary code," the company said on its website.
This .jar flaw is one of a new category of bugs that have popped up in Firefox and other browsers in recent months. They have to do with the way the browser handles links that are used to launch other applications. Known as URI (Uniform Resource Identifier) protocol handler vulnerabilities, these bugs can be triggered when software is launched via the browser.
URI protocol handler flaws have been found in Microsoft Internet Explorer, Adobe software and Google's Picasa software.