While Microsoft scrambled to issue an out-of-cycle patch for Internet Explorer on Wednesday, Mozilla did some rushing of its own.

The Firefox developer has issued updates to address “critical vulnerabilities” in versions 2 and 3 of its open-source browser.

Firefox describes a critical vulnerability as one that can be used to run attacker code and install software without user interaction beyond normal browsing.

Security, Stability, Accessibility

Firefox 3.0.5 and Firefox 2.0.0.19 are now available for Windows, Mac and Linux. Firefox 3.0.5 fixes eight security vulnerabilities, three of them critical. The critical fixes include XSS vulnerabilities in SessionStore, XSS and JavaScript privilege escalation, and crashes with evidence of memory corruption.

The Firefox 3.0.5 update also fixes several stability issues and issues found in accessibility implementation, adds the ability to send OS-specific system notes in the crash reporter, and replaces the End-User License Agreement with a new “Know Your Rights” info bar on the initial installation.

Adobe Systems is extending on Thursday its AIR (Adobe Integrated Runtime) technology to Linux desktops.

Previously available for Windows and Macintosh, AIR is Adobe’s free technology that enables delivery of Web applications that also can run outside the browser; it lets Flash programs to run on the desktop. The Linux version of the software can be accessed here.

Yahoo Inc. said Wednesday that it will shorten the amount of time that it retains data about its users’ online behavior - including Internet search records - to three months from 13 months and expand the range of data that it “anonymizes” after that period.

The company’s new privacy policy comes amid mounting concerns among regulators and lawmakers from Washington to Europe about how much data big Internet companies are collecting on their users and how that information is being used. Yahoo’s announcement also ratchets up the pressure on rivals Google Inc. and Microsoft Corp. to follow its lead.

In September, Google said it would “anonymize,” or mask, the numeric Internet Protocol (IP) addresses on its server logs after nine months, down from a previous period of 18 months. And Microsoft, which keeps user data for 18 months, said last week it would support an industry standard of six months.

Under Yahoo’s new policy, the company will strip out portions of users’ IP addresses, alter small tracking files known as “cookies” and delete other potential personally identifiable information after 90 days in most cases. In cases involving fraud and data security, the company will anonymize the data after six months.