Open-source software maker Mozilla released a patch on Wednesday, fixing three critical vulnerabilities in the latest version of its Firefox browser.

The flaws fixed by the software update include a variant of a vulnerability in Internet Explorer that could be exploited by the so-called "carpet bombing" attack. The patch also fixes a flaw in the way the browser handles references to CSS objects. The third vulnerability, in the way that the browser handles GIF image files, only affects Firefox 3.0 running on the Mac OS X and was found by an Apple security engineer.

Mozilla released the latest major update to its browser a month ago, adding -- among other features -- the ability to block sites serving known malware. A day after releasing the browser software, at least three security researchers published claims of flaws in the program. Earlier this month, the developers behind the Firefox 3 browser announced a project aimed at keeping tabs on how well the software maker handles vulnerabilities.

The latest patch updates the browser to version 3.0.1. By default, Firefox automatically downloads and installs updates.

If you have tips or insights on this topic, please contact SecurityFocus.