RealTime IT News

Mozilla misses a flaw. Firefox 2.0.0.20 coming Friday

sr-firefox3.jpg
From the "no one is perfect" files:

As it turns out Firefox 2.0.0.19 IS NOT the final Firefox 2.x release. Mozilla has admitted that it missed patching a flaw in Firefox 2.0.0.19 and is now in the process of pushing out a patched version in Firefox 2.0.0.20.

The exact flaw that was missed by Mozilla is not being publicly reported at this time. At first Mozilla meeting notes on the issue simply stated:

The Firefox 2.0.0.19 build we shipped was incomplete
* Going to ship a Firefox 2.0.0.20 (sad face) as soon as possible

In a mailing list posting Mozilla developer Mike Beltzner provided just a little bit more detail.
We missed a fix due to an innocent clerical error in the build  process, and will now be including it. No big deal.

Beltnzer added that it was a Windows-only omission, and happened at the point where Mozilla packages and signs builds.

Seems innocent enough. But in my opinion still a cause for concern. Reverse engineering flaws is not an easy process, but its not impossible. With simple tools like Metasploit out there that 'weaponize' vulnerabilities for point and click execution there is an obvious need for a quick patch here. That said, Mozilla has updated Firefox 3.x properly and it is encouraging all 2.x users to move to 3.x. So hey you Firefox 2.x users - here's another wakeup call for you!

Comment and Contribute