The open-source developer also patched 31 vulnerabilities, 23 of them dubbed "critical," the top-most threat in Mozilla's system. Five were labeled "high" and three were pegged as "moderate."

Nearly half of the total were reported by Abhishek Arya, who goes by the nickname "Inferno," of the Google Chrome security team, said Mozilla in an . Another four were submitted by a pair of long-time contributors to Google's bug-bounty program.

One of the more interesting vulnerabilities could allow an attacker to after a Firefox install, assuming he or she could plant a file in the Windows root directory beforehand.

Twenty-six of the 31 vulnerabilities were also patched in a companion update to Firefox ESR, or Extended Support Release, the version designed for businesses. Unlike the normal Firefox build, ESR does not change its feature set or user interface (UI) for more than a year, although it does receive security patches.

Mozilla last upgraded Firefox on . The company issues a new version every six weeks under the rapid-release schedule it adopted last year.