Firefox 3.0.1 More Secure and Stable

July 16, 2008 – 7:09 PM

In Firefox’s Help menu choose Check for Updates to download Firefox 3.0.1, a minor update that fixes Firefox 3’s most common causes of crashes. This update won’t cause any add-on incompatibilities.

Source:
http://lifehacker.com/398700/firefox-301-out-now-more-security-and-stability

Mozilla Patch Plugs a Safari Hole

July 16, 2008 – 6:29 PM

Mozilla Corp. has patched a pair of critical vulnerabilities in Firefox, taking the unusual step of updating the older version 2.0 on Tuesday but delaying the fixes for the newer version 3.0 until Wednesday.

Both updates, labeled Firefox 2.0.0.16 and Firefox 3.0.1, plug two holes rated “critical” by Mozilla, which uses a four-step threat ranking system. Firefox 2.0.0.16 was posted to Mozilla’s servers Tuesday afternoon.

Firefox 3.0.1, the first update since the open-source browser was upgraded almost a month ago, won’t reach users until Wednesday at the earliest, according to notes from a Mozilla status meeting published online.

One of the flaws patched in 2.0.0.16 and 3.0.1 was credited to security researcher Billy Rios, who wrote last month about a “blended” threat to Windows users who had both Apple Inc.’s Safari browser and Firefox installed on the same system. Then, Rios said that Safari’s “carpet bomb” bug — first disclosed in May and patched in June by Apple — could be combined with other vulnerabilities to attack not only systems with Microsoft Corp.’s Internet Explorer, but also those equipped with Firefox.

Source:
http://www.pcworld.com/article/148489/mozilla_patch_plugs_a_safari_hole.html

Data can leak from partially encrypted disks

July 16, 2008 – 6:24 PM

If you’re using encryption software to keep part of your computer’s hard drive private, you may have a problem, according to researchers at the University of Washington and BT Group PLC.

They’ve discovered that popular programs such as Microsoft Corp.’s Word and Google Desktop store data on unencrypted sections of a computer’s hard drive, even when the programs are working with encrypted files.

“Information is spilling out from the encrypted region into the unencrypted region,” said Tadayoshi Kohno, an assistant professor at the Seattle-based university and a co-author of the study.

Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9110221&source=rss_topic17

YouTube, Viacom agree to mask viewer data

July 16, 2008 – 7:40 AM

Viacom and other copyright holders have agreed to let YouTube mask user IDs and Internet addresses when Google Inc.’s online video site hands over viewership records in a $1 billion lawsuit accusing YouTube of enabling copyright infringement. A federal judge ordered the database produced in a July 1 ruling widely criticized by privacy activists.

“We remain committed to protecting your privacy and we’ll continue to fight for your right to share and broadcast your work on YouTube,” the company said in a blog posting late Monday disclosing the agreement.

Viacom is seeking at least $1 billion in damages from Google, saying YouTube built its business by infringing copyrights on Viacom shows, which include Comedy Central’s “The Daily Show with Jon Stewart” and Nickelodeon’s “SpongeBob SquarePants” cartoon.

Source:
http://news.wired.com/dynamic/stories/Y/YOUTUBE_LAWSUIT?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2008-07-15-19-01-02

Critical vulnerability in BlackBerry Enterprise Server

July 16, 2008 – 6:32 AM

Crafted Portable Document Format files can allow an attacker to gain control of a BlackBerry server. According to a security advisory from BlackBerry vendor RIM, the bug is in the PDF Distiller component of the Attachment Service, which runs on the server and prepares PDF email attachments for display on a BlackBerry handheld. The bug is only triggered when a user opens the PDF on his or her BlackBerry handheld.

BlackBerry does not give any further information on the nature of the bug, but it can be used to inject and execute code on the server. BlackBerry Enterprise Server 4.1 Service Pack 3 (4.1.3) to 4.1 Service Pack 5 (4.1.5) and BlackBerry Unite! prior to 1.0 Service Pack 1 (1.0.1) Bundle 36 are affected. Whilst the problem has been fixed in BlackBerry Unite from bundle 36, according to the vendor no patch or update is as yet available for Enterprise Server.

As a workaround, RIM recommends disabling PDF processing in the Attachment Service. Precise instructions are given in the security advisory linked below. As RIM gives the security vulnerability a Common Vulnerability Scoring System (CVSS) score of 9.0 out of a maximum of 10, administrators are advised to take rapid action.

Source:
http://www.heise-online.co.uk/news/Critical-vulnerability-in-BlackBerry-Enterprise-Server–/111108