Reseller News

Mozilla fixes single Firefox flaw

Mozilla Corp. Tuesday took the unusual step of patching a single vulnerability in its Firefox browser, but it will resume regular multiple-fix security updates with the next release, which is slated to debut before April 24.

Firefox and Firefox -- Mozilla currently supports two branches of the open-source application -- both fix a single flaw, according to the release notes posted on the company's Web site.

Mozilla said that the patched bug, though rated as a low threat, could be used by attackers to run a rudimentary port scan of systems within the same perimeter as the victimized machine. The attacker, however, would have to craft a malicious Web site and host it on an FTP server and then con users into visiting the page.

Earlier this month, Mozilla said it was working on a fast-turnaround fix for a so-called "regression" bug, an unintended flaw introduced by changes to an earlier version of the browser. The latest patch was that fix.

Although Mozilla announced last year that it would stop issuing security updates for Firefox 1.5 as of April 24, it seems one last batch of patches will be released for the older edition. A message from a Mozilla developer posted more than two weeks ago said that the next versions, and, would be "the next regular security/stability releases."

By Symantec's count, Firefox ended 2006 on an upbeat note on security; it received patches for 40 bugs in the last six months of the year, 26 percent fewer than the 54 fixes released for rival browser Internet Explorer. So far in 2007, Mozilla has addressed nine bugs in Firefox, while Microsoft Corp. has fixed four in IE.

Firefox can be downloaded from the Mozilla Web site in versions for Windows, Mac OS X and Linux in 40 languages. Firefox users can also update the browser using the Check for Updates command in the help menu.