As usual, Mozilla did not explicitly say that all the flaws could be exploited, but instead hedged with its traditional phrasing of, "We presume that with enough effort at least some of these could be exploited to run arbitrary code."

Eleven of the 14 bugs were also patched in Firefox ESR, or Extended Support Release, the longer-lived edition designed for enterprises that don't want to update workers' machines every few weeks.

The current version of Firefox ESR is based on Firefox 10, which shipped in December 2011. ESR receives only security updates during its 54-week lifespan. The first iteration of ESR won't appreciably change until November 2012, and will be supported with security patches until early February 2013.

As expected, Mozilla did not release fixes for Firefox 3.6, the 2010 browser it officially .

Mozilla has been nagging Firefox 3.6 users with pleas to upgrade for weeks, and will take the unusual step of automatically upgrading them to Firefox 12 early next month.