Mozilla fixes Firefox flaws it introduced
The latest update also includes a security fix
Computerworld - Mozilla Corp. late yesterday updated the Firefox browser to patch a single security vulnerability and fix several bugs it unintentionally introduced in earlier versions.
Mozilla currently supports two branches of the open-source application, and the upgrades -- Firefox 126.96.36.199 and Firefox 188.8.131.52 -- are now available, according to the release notes posted on the company's Web site.
Mozilla said that the security flaw, though rated as a low threat, might be used by attackers to run a rudimentary port scan of systems within the same perimeter as the victimized machine. The attacker, however, would have to craft a malicious Web site and host it on an FTP server and then con users into visiting the page.
The main purpose of the update, however, was to fix several "regressions" -- unintended flaws introduced by changes to previous versions. Earlier this month, Mozilla said it was working on a fast-turnaround for 184.108.40.206/220.127.116.11 to correct regressions in the browser's password manager, automatic security certificate authentication feature and other areas.
In related news, it appears that Mozilla will issue one more security update to Firefox 1.5.x before it puts the aging browser out to pasture.
Mozilla announced last year that it would stop issuing security updates for Firefox 1.5 as of April 24. A message from a Mozilla developer posted more than two weeks ago, however, named 18.104.22.168 as one of the two "the next regular security/stability releases."
By Symantec's count, Firefox ended 2006 on an upbeat note for security. It received patches for 40 bugs in the last six months of the year, 26% fewer than the 54 fixes released for rival browser Internet Explorer. So far in 2007, Mozilla has addressed nine bugs in Firefox while Microsoft Corp. has fixed four in IE.
Firefox 22.214.171.124 can be downloaded from the Mozilla Web site in versions for Windows, Mac OS X and Linux in 40 languages. Users can also update the browser using the Check for Updates command in the help menu.
Read more about Security in Computerworld's Security Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!