Computerworld - Mozilla Corp. late yesterday updated the Firefox browser to patch a single security vulnerability and fix several bugs it unintentionally introduced in earlier versions.
Mozilla currently supports two branches of the open-source application, and the upgrades -- Firefox 2.0.0.3 and Firefox 1.5.0.11 -- are now available, according to the release notes posted on the company's Web site.
Mozilla said that the security flaw, though rated as a low threat, might be used by attackers to run a rudimentary port scan of systems within the same perimeter as the victimized machine. The attacker, however, would have to craft a malicious Web site and host it on an FTP server and then con users into visiting the page.
The main purpose of the update, however, was to fix several "regressions" -- unintended flaws introduced by changes to previous versions. Earlier this month, Mozilla said it was working on a fast-turnaround for 2.0.0.3/1.5.0.11 to correct regressions in the browser's password manager, automatic security certificate authentication feature and other areas.
In related news, it appears that Mozilla will issue one more security update to Firefox 1.5.x before it puts the aging browser out to pasture.
Mozilla announced last year that it would stop issuing security updates for Firefox 1.5 as of April 24. A message from a Mozilla developer posted more than two weeks ago, however, named 1.5.0.12 as one of the two "the next regular security/stability releases."
By Symantec's count, Firefox ended 2006 on an upbeat note for security. It received patches for 40 bugs in the last six months of the year, 26% fewer than the 54 fixes released for rival browser Internet Explorer. So far in 2007, Mozilla has addressed nine bugs in Firefox while Microsoft Corp. has fixed four in IE.
Firefox 2.0.0.3 can be downloaded from the Mozilla Web site in versions for Windows, Mac OS X and Linux in 40 languages. Users can also update the browser using the Check for Updates command in the help menu.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
