Mozilla is re-releasing its security update for Firefox 2.0 after it accidentally omitted one of the patches.
"We don't believe users are at risk right now," said Mike Beltzner, director of Firefox. Beltzner declined to pinpoint the missing patch - one of 10 that were to be included in the update - to make it more difficult for attackers to take advantage of the snafu. "I can tell you that it's not one of the severe vulnerabilities and there are no known exploits for it," he said.
Mozilla will release Firefox 22.214.171.124, which will include the omitted patch, as early as today and no later than Monday.
Tuesday's update was supposed to be the last for Firefox 2.0, which is slated for retirement. Instead, Mozilla plans to call it quits with Firefox 126.96.36.199.
Only the Windows version was affected by the mistake; the Mac and Linux editions contain all 10 fixes.
"Due to a clerical error, and this is embarrassing, we forgot to include one of the patches," said Beltzner. "That means Firefox 188.8.131.52 is not identical across platforms."
Firefox 184.108.40.206 was supposed to include five patches labelled 'critical', one 'high', two 'moderate' and two 'low' in Mozilla's four-step scoring system. Of the four in the two less-severe categories, the most serious could be used by attackers to steal information from a user while browsing.
As per its policy, Mozilla was to officially retire the older browser on Tuesday, but must now delay that until Version 220.127.116.11 is available. Mozilla has been aggressively urging users to upgrade to Firefox 3.0 since that edition launched last June, and since then has twice offered Firefox 2.0 users an update, most recently as two weeks ago.
Mozilla estimated that approximately two million users accepted the second upgrade. The company plans to make one final offer early next month.
When Mozilla wraps up its testing, it will post Firefox 18.104.22.168 to its we site for download. Users will also be able to retrieve it via Firefox's built-in updater, or they can wait for the automatic update notification to appear.
Mozilla isn't the only software maker that has had to re-issue an update. Last June, for example, Microsoft re-released a patch for Windows XP's implementation of Bluetooth because the fix didn't really fix anything. In September, Apple was forced to repeat a release of iTunes 8.0 after a buggy driver crashed Windows Vista PCs with the dreaded ‘blue screen of death'.