Mozilla has taken the unusual step of patching a single vulnerability in its Firefox browser, but plans to resume regular multiple-fix security updates with the next release, which is slated to debut before 24 April.
Firefox 220.127.116.11 and Firefox 18.104.22.168 - Mozilla currently supports two branches of the open-source application - both fix a single flaw, according to the release notes posted on the company's website.
Mozilla said that the patched bug, though rated as a low threat, could be used by attackers to run a rudimentary port scan of systems within the same perimeter as the victimised machine. The attacker, however, would have to craft a malicious website and host it on an FTP server and then con users into visiting the page.
Earlier this month, Mozilla said it was working on a fast-turnaround fix for a so-called ‘regression’ bug, an unintended flaw introduced by changes to an earlier version of the browser. The latest patch was that fix.
Although Mozilla announced last year that it would stop issuing security updates for Firefox 1.5 as of 24 April, it seems one last batch of patches will be released for the older edition. A message from a Mozilla developer posted more than two weeks ago said that the next versions, 22.214.171.124 and 126.96.36.199, would be "the next regular security/stability releases”.
By Symantec's count, Firefox ended 2006 on an upbeat note on security; it received patches for 40 bugs in the last six months of the year, 26 percent fewer than the 54 fixes released for rival browser Internet Explorer. So far in 2007, Mozilla has addressed nine bugs in Firefox, while Microsoft has fixed four in IE.
Firefox 188.8.131.52 can be downloaded from the Mozilla website in versions for Windows, Mac OS X and Linux in 40 languages. Firefox users can also update the browser using the Check for Updates command in the help menu.