Mozilla has patched 13 flaws in Firefox 2.0 and warned that it will end support for the browser in December.
Mozilla last patched Firefox 2.0 in April.
Firefox 18.104.22.168 addresses 13 vulnerabilities, 5 of them rated "critical" by the open-source company, according to advisories posted on Mozilla's website. Of the remaining bugs, 4 were labelled "high," 2 as "moderate," and 2 as "low."
Interestingly, one of the critical vulnerabilities isn't within the browser per se, but crops up only when one or more add-ons, dubbed "extensions" by Mozilla, are also installed. "Firefox itself does not use this feature in a vulnerable way and users who have not installed any add-ons are not at risk," read the advisory . "We have, however, identified popular add-ons using this feature whose users are at risk and there are no doubt others."
Among the extensions called out by Firefox programmers in the write-up on Bugzilla, Mozilla's bug tracking and management system, was Google's Google Toolbar.
While some of the vulnerabilities' advisories specifically said that Firefox 3.0 is not affected or that the bug had been crushed before Mozilla rolled out the final version of its new browser June 17, the two ranked "low" omitted mention of Firefox 3.0.
Firefox 22.214.171.124 can be downloaded from the Mozilla site in versions for Windows, Mac OS X and Linux. Users running Firefox 2.0 can call up the browser's built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours after Mozilla posts a new version.
Mozilla also noted on its website that Firefox 2.0 would roll off its support list in the middle of December 2008, approximately six months after the release of Fire 3.0.
"Firefox 2.0.0.x will be maintained with security and stability updates until mid-December, 2008," the company said. "All users are encouraged to upgrade to Firefox 3."