Mozilla misses a flaw. Firefox 126.96.36.199 coming Friday
As it turns out, Firefox 188.8.131.52 IS NOT the final Firefox 2.x release. Mozilla has admitted that it missed patching a flaw in Firefox 184.108.40.206 and is now in the process of pushing out a patched version in Firefox 220.127.116.11.
The exact flaw that Mozilla missed is not being publicly reported at this time. At first, Mozilla's meeting notes on the issue simply stated:
* The Firefox 18.104.22.168 build we shipped was incomplete
* Going to ship a Firefox 22.214.171.124 (sad face) as soon as possible
We missed a fix due to an innocent clerical error in the build process, and will now be including it. No big deal.
Beltzner added that it was a Windows-only omission, and happened at the point where Mozilla packages and signs builds.
Seems innocent enough, but in my opinion it is still a cause for concern. Reverse engineering flaws is not an easy process, but it's not impossible. With simple tools like Metasploit out there that 'weaponize' vulnerabilities for point-and-click execution, there is an obvious need for a quick patch here. That said, Mozilla has updated Firefox 3.x properly and it is encouraging all 2.x users to move to 3.x. So hey, you Firefox 2.x users - here's another wake-up call for you!