Mozilla has released Firefox and Thunderbird v2.0.0.17 and Firefox v3.0.3 to address multiple vulnerabilities. These may allow an attacker to execute arbitrary code, obtain sensitive information, conduct cross-site scripting attacks, cause a denial-of-service condition, operate with escalated privileges, or conduct Clickjacking attacks. Note that Firefox v3.0.2 was initially released to address these vulnerabilities. Version 3.0.3 was released to correct a flaw that was unrelated to the vulnerabilities.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

• Review the Security Advisories for Firefox 2.0.0.17.
• Review the Release Notes for Firefox 3.0.3.
• Upgrade to Firefox and Thunderbird 2.0.0.17 or Firefox 3.0.3 as necessary.

Read more: US-CERT Current Activity