Firefox has been hit by no less than eight security flaws, six of which are also found in the older Mozilla suite.
The vulnerabilities could allow an attacker to take over an affected system, carry out cross-site scripting and bypass some security restrictions, the Mozilla Foundation warned at the same time it released patches for the holes. Independent security firm Secunia gave the updates a "highly critical" rating.
As Firefox gains market share its handling of security issues is drawing more scrutiny. The patches, issued on Friday, are the third round of security fixes for Firefox and the seventh update for the 1.7 version of Mozilla. The Mozilla project has stopped major development on the suite, but is continuing to fix security flaws.
Finally, a problem with the "chrome" user-interface code in validating DOM nodes allowed several exploits that could allow malicious code execution or data theft, requiring only trivial user actions such as clicking on a link.
The updates, version 1.0.3 of Firefox and 1.7.7 of Mozilla, are available from the Firefox and Mozilla download pages. The project said a number of extensions were broken by the updates, but most extensions have now been revised to work with the new versions.