Mozilla has updated its popular web browser Firefox to version 3.6 in order to plug a long list of vulnerabilities.
Of the nine listed flaws, five are described as 'critical' and may be used to run attacker code and install software from malicious web sites without user permission.
The point release also includes unspecified fixes for stability issues and can be downloaded here.
Hackers have recently subverted Firefox's own security tools in order to con hapless users into buying fake anti-virus software, but it's not clear from the current release notes if this particular hole has been plugged.
Ironically, the genuine-looking warning page points out the dire consequences of installing dodgy software from the Internet and then does exactly that.