Firefox update delivers low priority patch

Stephen Withers
Thursday, 22 March 2007 03:27

Business IT - Technology

The popular Firefox open-source web browser for Windows, Mac OS X and Linux has received a security update for versions 1.5 and 2.0.

The security issue is that a feature of FTP (file transfer protocol) can be exploited by a maliciously-coded server "to perform a rudimentary port-scan of machines inside the firewall of the victim."

Firefox and other Mozilla clients now ignore any alternative server address  provided in a response to the PASV command, thus preventing the 'low impact' exploit from functioning.

The new version can be downloaded from the Mozilla website, or the update applied by using the 'Check for Updates' command in Firefox's Help menu.

The Firefox 2.0.0.3 update also fixes "various web compatibility regressions" - that is, problems introduced by previous updates have been repaired.

No further updates to Firefox 1.5 will be released after 24 April 2007, but one last version (1.5.0.12) is expected by then.