A pair of unpatched vulnerabilities in Mozilla's Firefox Web browser -- rated as "extremely critical" by one security firm -- could allow an attacker to take control of a PC simply by getting a user to visit a malicious Web site.

Not good, and what's worse, this exploit is actually out on the net today. This would mean the fourth critical security patch for Firefox this year when 1.0.4 is released; in comparison, IE has only had 2, both of which were promptly fixed. I don't believe there is currently any solid release date for version 1.0.4, which would address these issues.

With all these people using Firefox, I actually had a look at the traffic logs for my sites over the last 7 days (about 50 000 visitors). Out of those using Firefox, only 13% actually had the latest version, 1.0.3 (which, as above, is not secure anyway); everyone else was using even older versions with loads of security issues.
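A measurement like the one above can be reproduced from ordinary web server logs. The following is an added example, not the author's own method or code: it assumes Combined Log Format, treats each distinct (IP, User-Agent) pair as one visitor, and runs on constructed sample lines.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
FIREFOX_RE = re.compile(r"\bFirefox/(\d+(?:\.\d+)*)")

def version_key(version):
    """Turn '1.0.3' into (1, 0, 3) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def firefox_versions(lines):
    """Count Firefox visitors per version; a visitor is one (IP, User-Agent) pair."""
    seen = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of guessing
        ip, ua = m.groups()
        fx = FIREFOX_RE.search(ua)
        if fx:
            seen[(ip, ua)] = fx.group(1)
    return Counter(seen.values())

def share_on_latest(counts, latest):
    """Fraction of Firefox visitors running `latest` or newer."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    floor = version_key(latest)
    return sum(n for v, n in counts.items() if version_key(v) >= floor) / total

# Constructed sample input (documentation IP range, made-up timestamps).
FX_UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Gecko Firefox/%s"
IE_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

def log_line(ip, ua):
    return '%s - - [01/Jan/2005:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "%s"' % (ip, ua)

SAMPLE = [
    log_line("192.0.2.10", FX_UA % "1.0.3"),
    log_line("192.0.2.10", FX_UA % "1.0.3"),  # repeat request, same visitor
    log_line("192.0.2.11", FX_UA % "1.0.2"),
    log_line("192.0.2.12", FX_UA % "1.0"),
    log_line("192.0.2.13", FX_UA % "0.9.3"),
    log_line("192.0.2.14", IE_UA),             # not Firefox, ignored
    "truncated line with no quoted fields",
]

if __name__ == "__main__":
    counts = firefox_versions(SAMPLE)
    print(dict(counts), "share on 1.0.3: %.0f%%" % (100 * share_on_latest(counts, "1.0.3")))
```

Visitors behind a shared proxy or NAT collapse into one entry and User-Agent strings can be spoofed, so the result is an estimate of patch adoption rather than an exact count.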

Mozilla REALLY need to get a move on with releasing updates, and they need to get their users installing them. The autoupdate in the old versions certainly doesn't work right; I've got autoupdate enabled on one of mine (using 1.0.2) and it has yet to inform me about 1.0.3, which has been out for weeks. I have to go and manually check, which isn't a very nice experience with it being hidden in advanced options.

How is your average user who saw Firefox mentioned in the newspaper (most of which falsely claim it's "secure") going to know how to do that? Chances are they're running an even older version, have been fooled into thinking they have something "rock-solid and secure" and are going to end up with their machines compromised. Mozilla, you're not in the little leagues anymore. Not all of your users visit your update page every day and try out the nightly builds; you have to get ALL of your users up to date, and you have to get vulnerabilities fixed BEFORE samples of the exploit code get put up on the net.

Firefox is a ticking time bomb; it's getting close to critical-unpatched mass. Mozilla had better do something fast, because if a lot of users do suddenly find their machines not working, they're gonna end up with a very bad taste in their mouths that will hang around for years to come.