RealTime IT News

One Flaw And a First For Latest Firefox Update

Typically when Mozilla updates its Firefox browser, it includes a number of security updates. For Firefox and 1.5.11, that number is one. The update also marks the first time Firefox has benefited from an expanded community effort.

The one flaw is of the low-impact variety and addresses the manner in which Firefox handles a certain FTP command. According to Mozilla's security advisory, a malicious Web page could exploit the PASV (passive) command in FTP to potentially perform a port scan of an internal network.

By itself, the Mozilla advisory notes, the port scan causes no harm, but information about an internal network may be useful to an attacker should there be other vulnerabilities present on the network. Port scans are often seen as the first step for hackers in enumerating targets.

Mozilla has now plugged the potential hole in the new release, as well as in the 1.5.x series with Firefox 1.5.11.

The one security fix is a dramatic drop from the Firefox release, which patched at least seven flaws, including a critical password vulnerability bug last November.

A new aspect of the release is that Mozilla has taken advantage of an expanded testing effort by engaging users with a broader community beta program for Firefox point releases.

Mozilla had been issuing release candidates in the lead-up to the official release of Firefox 2. Anyone who downloaded and installed a pre-release version of Firefox 2 became part of the beta program. Those same users are now going to be part of the beta program for individual Firefox point releases.

"We currently have hundreds of thousands of members worldwide and hope to expand the program in the coming months," Christopher Beard, vice president of marketing and products, told internetnews.com. "Expanding our beta program to our minor releases will improve the overall effectiveness and quality of our security and stability release process."