We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,639 News Articles

Patch missing from 'final' Firefox 2.0 update

Mozilla plans to re-release security fix

Mozilla is re-releasing its security update for Firefox 2.0 after it accidentally omitted one of the patches.

"We don't believe users are at risk right now," said Mike Beltzner, director of Firefox. Beltzner declined to pinpoint the missing patch - one of 10 that were to be included in the update - to make it more difficult for attackers to take advantage of the snafu. "I can tell you that it's not one of the severe vulnerabilities and there are no known exploits for it," he said.

Mozilla Firefox 3.0 review

Mozilla will release Firefox 2.0.0.20, which will include the omitted patch, as early as today and no later than Monday.

Tuesday's update was supposed to be the last for Firefox 2.0, which is slated for retirement. Instead, Mozilla plans to call it quits with Firefox 2.0.0.20.

Only the Windows version was affected by the mistake; the Mac and Linux editions contain all 10 fixes.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

"Due to a clerical error, and this is embarrassing, we forgot to include one of the patches," said Beltzner. "That means Firefox 2.0.0.19 is not identical across platforms."

Firefox 2.0.0.19 was supposed to include five patches labelled 'critical', one 'high', two 'moderate' and two 'low' in Mozilla's four-step scoring system. Of the four in the two less-severe categories, the most serious could be used by attackers to steal information from a user while browsing.

As per its policy, Mozilla was to officially retire the older browser on Tuesday, but must now delay that until Version 2.0.0.20 is available. Mozilla has been aggressively urging users to upgrade to Firefox 3.0 since that edition launched last June, and since then has twice offered Firefox 2.0 users an update, most recently as two weeks ago.

Mozilla estimated that approximately two million users accepted the second upgrade. The company plans to make one final offer early next month.

When Mozilla wraps up its testing, it will post Firefox 2.0.0.20 to its we site for download. Users will also be able to retrieve it via Firefox's built-in updater, or they can wait for the automatic update notification to appear.

Mozilla isn't the only software maker that has had to re-issue an update. Last June, for example, Microsoft re-released a patch for Windows XP's implementation of Bluetooth because the fix didn't really fix anything. In September, Apple was forced to repeat a release of iTunes 8.0 after a buggy driver crashed Windows Vista PCs with the dreaded ‘blue screen of death'.

See also: Mozilla Firefox 3.1 Beta 2 adds Porn Mode


IDG UK Sites

Motorola Moto G vs Nokia Lumia 530 comparison: What's the best budget smartphone

IDG UK Sites

Everything you need to know about Apple's iPhone Camera in iOS 8

IDG UK Sites

Why you shouldn't trust password managers

IDG UK Sites

How to make an 'Apple iWatch' using an iPod nano and a 3D printer