Oops! Mozilla forgets Firefox 2 patch, must re-issue update

From InfoWorld: A "clerical error" by Mozilla omitted one of the security patches that was supposed to be included in the Windows version of Tuesday's Firefox 2.0 .0.19 release, a company executive said Wednesday.

"We don't believe users are at risk right now," said Mike Beltzner , director of Firefox. Beltzner declined to pinpoint the missing patch -- one of 10 that were to be included in the update -- to make it more difficult for attackers to take advantage of the snafu. "I can tell you that it's not one of the severe vulnerabilities and there are no known exploits for it," he said.

Mozilla will release Firefox 2.0.0.20, which will include the omitted patch, as early as Friday and no later than Monday.

Tuesday's update was supposed to be the last for Firefox 2.0, which is slated for retirement. Instead, Mozilla plans to call it quits with Firefox 2.0.0.20.

Only the Windows version was affected by the mistake; the Mac and Linux editions contain all 10 fixes.

View: Article @ Source Site