Mozilla on Tuesday patched the Firefox 2.0 web browser to quash 13 bugs, and then announced that it would end support for the browser in mid-December. Mozilla last patched Firefox 2.0 in April.
Firefox 18.104.22.168 addresses 13 vulnerabilities, 5 of them rated "critical" by the open-source company, according to advisories posted on Mozilla's site Tuesday. Of the remaining bugs, 4 were labeled "high", 2 as "moderate", and two as "low".
Interestingly, one of the critical vulnerabilities isn't within the browser per se, but crops up only when one or more add-ons, dubbed "extensions" by Mozilla, are also installed.
"Firefox itself does not use this feature in a vulnerable way and users who have not installed any add-ons are not at risk," read the advisory .
"We have, however, identified popular add-ons using this feature whose users are at risk and there are no doubt others."
Among the extensions called out by Firefox programmers in the write-up on Bugzilla, Mozilla's bug tracking and management system, was Google's Google Toolbar.
While some of the vulnerabilities' advisories specifically said that Firefox 3.0 is not affected or that the bug had been crushed before Mozilla rolled out the final version of its new browser June 17, the two ranked "low" omitted mention of Firefox 3.0.
Firefox 22.214.171.124 can be downloaded from the Mozilla site in versions for Windows, Mac OS X and Linux. Users running Firefox 2.0 can call up the browser's built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours after Mozilla posts a new version.
Mozilla also noted on its website yesterday that Firefox 2.0 would roll off its support list in the middle of December 2008, approximately six months after the release of Firefox 3.0.
"Firefox 2.0.0.x will be maintained with security and stability updates until mid-December, 2008," the company said. "All users are encouraged to upgrade to Firefox 3.0."
Mozilla's standard policy is to support older software for only six months after the release of a major update. Last year, however, the company extended the support lifespan of Firefox 1.5 by about a month, saying it needed more time to craft one last security patch for the browser.