Mozilla issued an update fixing several dangerous cross-site-scripting (XSS) flaws that could allow an attacker to run malicious code and gain access to critical system files.
The flaws can be found in versions 2 and 3 of the Firefox browser. Firefox 3.0.5 fixes an XSS flaw in SessionStore, a session restore feature, which contains an error that could be manipulated to inject malicious code into the browser.
Danish vulnerability clearinghouse Secunia gave the flaws a highly critical rating. In its advisory, Secunia said some of the errors addressed by Mozilla allow an attacker to bypass cookie settings and identify specific users in browsing sessions.
In addition, Mozilla announced that it is dropping support of FireFox 2. The latest security update will be the last for the older version of the browser. Phishing protection, which communicates with Google to identify possible phishing sites is also being dropped in Firefox 2. Mozilla is urging users to upgrade to the latest version.