Mozilla has updated its now legacy 1.5.x Firefox browser to version 220.127.116.11, with fixes for three critical security flaws.
The flaws do not affect the recently released Firefox 2.0 version. The latest 18.104.22.168 release will also include an update that will make it easier for existing users to get major upgrades from Mozilla.
Among the critical bugs fixed in this version is titled, "Crashes with evidence of memory corruption." The crashes could have been triggered by several bugs. Mozilla's analysis: there was potential for memory corruption that potentially could have been exploited to run arbitrary code.
Mozilla has pledged that it will maintain the Firefox 1.5.x line with stability and security updates until April 24, 2007. Though Mozilla is "strongly encouraging" users to upgrade to Firefox 2.0
One of the issues for some 1.5.x users that have prevented them from upgrading to Firefox 2.0 is that, to date, Firefox 1.5.x has not "advertised" that it can be updated to version 2.0.
Firefox includes a "check for updates" feature that "advertises" updates to users. Until the 22.214.171.124 release the upgrade mechanism only had the ability to advertise minor point release upgrades as opposed to major upgrades.
Those that have downloaded Firefox 2.0 to date have done so by downloading it directly as opposed to getting an automatic update via the "check for updates" notification. While Firefox 126.96.36.199 does include the major update capability it does not yet directly notify users for Firefox 2.0. It is expected that the first major update to be advertised will be the forthcoming Firefox 2.0.1 release.
No responsibility can be taken for the content of external Internet sites.