Mozilla forgets Firefox 2 patch
A "clerical error" meant Mozilla omitted one of the security patches that was supposed to be included in Tuesday's Firefox 18.104.22.168 release.
"We don't believe users are at risk right now," said Mike Beltzner, director of Firefox. Beltzner declined to pinpoint the missing patch - one of 10 that were to be included in the update. "I can tell you that it's not one of the severe vulnerabilities and there are no known exploits for it," he said.
Mozilla will release Firefox 22.214.171.124, which will include the omitted patch, no later than Monday.
Tuesday's update was supposed to be the last for Firefox 2.0, which is slated for retirement. Instead, Mozilla plans to call it quits with Firefox 126.96.36.199.
Only the Windows version was affected by the mistake; the Mac and Linux editions contain all 10 fixes.
"Due to a clerical error, and this is embarrassing, we forgot to include one of the patches," said Beltzner. "That means Firefox 188.8.131.52 is not identical across platforms."
Firefox 184.108.40.206 was supposed to include five patches labelled "critical," one "high," two "moderate" and two "low" in Mozilla's four-step scoring system. Of the four in the two less-severe categories, the most serious could be used by attackers to steal information from a user while browsing.
Mozilla had planned to officially retire the older browser on Tuesday, but must now delay that until Version 220.127.116.11 is available. It has been aggressively urging users to upgrade to Firefox 3.0 since that edition launched last June, and since then has twice offered Firefox 2.0 users an update, most recently as two weeks ago. Mozilla estimates that approximately two million users accepted the second upgrade.
When Mozilla wraps up its testing, it will post Firefox 18.104.22.168 to its web site for download. Users will also be able to retrieve it via Firefox's built-in updater, or they can wait for the automatic update notification to appear.
Mozilla isn't the only software maker that has had to re-issue an update. Last June, for example, Microsoft Corp. re-released a patch for Windows XP's implementation of Bluetooth because the fix didn't really fix anything. And in September, Apple was forced to repeat a release of iTunes 8.0 after a buggy driver crashed Windows Vista PCs with the dreaded "blue screen of death."
No responsibility can be taken for the content of external Internet sites.
Return to hosting news headlines
View Hosting News Archive