Mozilla has patched Firefox to fix 11 bugs, including one from three weeks ago that posed a threat to users who had installed any of the more than 600 add-ons for the open-source browser.
Firefox 220.127.116.11 fixed four vulnerabilities that Mozilla ranked 'critical', one it pegged 'high' and three each rated as 'moderate' and 'low', according to the security advisory posted last week. The new edition patched more flaws than any update since July 2007. Mozilla last patched Firefox in November.
Although it didn't receive Mozilla's highest threat ranking, the vulnerability in the browser's chrome: Uniform Resource Identifier (URI), disclosed by researcher Gerry Eisenhaur, got the most attention. That bug, which Eisenhaur said could be exploited through a huge number of Firefox's extensions, had been the subject of several blog postings by Window Snyder, Mozilla's chief of security.
She added another on Friday. "This security update addresses the directory traversal issue," Snyder said.
For more security news, reviews and tutorials, see Security Advisor