Although Mozilla patched one more Firefox bug last week than first reported, the researcher whose work has plagued the open-source browser for weeks has released details about another flaw.
"The big difference in the two browsers is that Firefox 126.96.36.199 displays the correct address for the redirected site in the address bar," Symantec said in a warning. "IE7, however, continues to display the URL that the user typed into the address bar, leading to a false sense of security."
Mozilla fixed 15 flaws last week in Firefox 188.8.131.52 and 184.108.40.206, as opposed to the 14 that were first reported. An overlooked security update in the revised browsers patches another Zalewski vulnerability, Mozilla said yesterday.
"Firefox 220.127.116.11 update includes fixes for the bugs that researcher Michael Zalewski reported last week, including the hostname vulnerability, cookie issue, and memory corruption issue," said Window Snyder, Mozilla's chief security executive.
"It was just a mistake," a Mozilla spokesman said regarding why Friday's list of patched bugs had originally omitted the 15th fixed flaw. The list has since been changed to reflect all the included patches.