Mozilla has taken the unusual step of patching a single vulnerability in its Firefox open source browser, but it will resume regular multiple-fix security updates with the next release, which is planned to roll out before 24 April.
Firefox 184.108.40.206 and Firefox 220.127.116.11 -- Mozilla currently supports two branches of the open-source application - both fix a single flaw, according to the release notes posted on the company's Web site.
Mozilla said that the patched bug, though rated as a low threat, could be used by attackers to run a rudimentary port scan of systems within the same perimeter as the compromised machine. The attacker, however, would have to craft a malicious Web site and host it on an FTP server and then con users into visiting the page.
Earlier this month, Mozilla highlighted the problem this new patch fixes, sayingit had inadvertently created a "regression" bug, an unintended flaw introduced by changes to an earlier version of the browser.
Although Mozilla announced last year that it would issuing security updates for Firefox 1.5 from 24 April, it seems one last batch of patches will be released for the older edition. A message from a Mozilla developer posted more than two weeks ago said that the next versions, 18.104.22.168 and 22.214.171.124, would be "the next regular security/stability releases".
By security software supplier Symantec's count, Firefox ended last year on an upbeat note on security; it received patches for 40 bugs in the last six months of the year, compared to the 54 fixes released for rival browser Internet Explorer.
So far in 2007, Mozilla has addressed nine bugs in Firefox, while Microsoft has fixed four in IE.
Find your next job with computerworld UK jobs