Users of the latest version of the open source browser have found two “extremely critical” security holes that will allow hackers to gain remote access to the user's computer to run malicious code.

The Mozilla Foundation, the makers of Firefox, said they are aggressively working to fix the holes as soon as possible, but recommend in the meantime that users switch off JavaScript.

The company issued this security announcement on its site:

“The Mozilla Foundation is aware of two potentially critical Firefox security vulnerabilities as reported publicly Saturday, May 7th. There are currently no known active exploits of these vulnerabilities although a "proof of concept" has been reported. Changes to the Mozilla Update web service have been made to mitigate the risk of an exploit. Mozilla is aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update. Users can further protect themselves today by temporarily disabling JavaScript.”

According to MozillaZine, an independent Mozilla news, community and advocacy site, the second flaw is more serious and involves the software installation dialogue, which is used to ask the user if they wish to install software (such as an extension) from a website.

“In Mozilla Firefox (but not the Mozilla Application Suite), this dialogue can include an icon, which is supplied by the site as a URL to an image file. Due to insufficient checking, this icon URL can actually be a piece of JavaScript code, which is run with no further prompting. As this code actually runs from the software installation dialogue, rather than a webpage, it is executed with 'full chrome privileges', meaning that it can do anything that the user running Firefox can, including installing software or deleting files. This is the more serious flaw, allowing arbitrary software execution, and only affects Mozilla Firefox. It can be prevented by disabling software installation.”
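The kind of check the quote says was missing, sketched as an added example (not Firefox or Mozilla code; the function names, the `addons.example` host and all sample URLs are constructed for illustration). It parses the site-supplied icon URL and accepts only an allowlist of schemes, shown beside a prefix denylist that URL normalization defeats.

```javascript
// Added example; names are hypothetical, not Firefox source code.
const ALLOWED_ICON_SCHEMES = new Set(["http:", "https:"]);

// Weak check: a prefix denylist on the raw string.
function naiveIconCheck(rawIconUrl) {
  return !rawIconUrl.startsWith("javascript:");
}

// Stronger check: parse first, then allowlist the resulting scheme.
// Returns the normalized absolute URL, or null if the icon must not load.
function safeIconUrl(rawIconUrl, pageUrl) {
  if (typeof rawIconUrl !== "string") return null;
  let parsed;
  try {
    // The URL parser lowercases the scheme, trims leading whitespace and
    // drops embedded tabs/newlines, so we judge what would actually load.
    parsed = new URL(rawIconUrl, pageUrl);
  } catch (err) {
    return null; // unparseable input is rejected, not guessed at
  }
  return ALLOWED_ICON_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Constructed sample inputs (not taken from any real site or exploit).
const PAGE = "https://addons.example/ext/page.html";
const SAMPLES = [
  "https://addons.example/ext/icon.png",
  "icon.png",
  "javascript:void(0)",
  "  JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "data:image/png;base64,AAAA",
];

// Runs both checks over every sample so the differences are visible.
function auditSamples() {
  return SAMPLES.map((raw) => ({
    raw,
    naiveAccepts: naiveIconCheck(raw),
    allowlistResult: safeIconUrl(raw, PAGE),
  }));
}

for (const row of auditSamples()) {
  console.log(JSON.stringify(row));
}
```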

Earlier in the month, Firefox announced that it had been downloaded over 50 million times.