Mozilla plugs 13 holes in Firefox, retires older 2.0 browser

Urges Firefox 2.0 users to upgrade to the newer version as it drops support and ditches antiphishing protection

Mozilla late Tuesday patched 13 bugs in Firefox, nearly half of them labeled "critical," as it closed support for the two-year-old Firefox 2.0 by releasing that version's final security update.

The update patched slightly more vulnerabilities in Firefox than the last two security updates in November and late September.

Firefox 3.0.5 fixes a total of 11 flaws, six rated "critical," one "high," one "moderate" and three "low" in Mozilla's four-step scoring system. Most of the critical bugs could be used by hackers to crash the browser, introduce their own malicious code into a vulnerable system or both.

Among the most serious were a trio of vulnerabilities in the browser's layout and JavaScript engines, while others included XML binding and session restore bugs that could let hackers conduct cross-site scripting attacks, which are often used in sophisticated identity theft schemes. Tuesday's fixes in the layout and JavaScript engines follow an identical number of patches applied to the same components last month.

The single vulnerability pegged as high also involves data theft, but how much information criminals might be able to steal was tough to predict, Mozilla said. "How much data could be at risk would depend on the format of the data and how the JavaScript parser attempts to interpret it," the advisory said. "For most files, the amount of data that can be recovered would be limited to the first word or two. Some data files might allow deeper probing with repeated loads."

Mozilla also updated the older Firefox 2.0 line to Version 2.0.0.19, patching 10 vulnerabilities in all, eight of them shared with 3.0.5. Of the total, only three were rated critical.

As per Mozilla's support policy, Tuesday's Firefox Version 2.0.0.19 was the final security update for the browser that debuted in October 2006. "Mozilla is not planning any further security and stability updates for Firefox 2, and recommends that you upgrade to Firefox 3 as soon as possible," said Samuel Sidler, a Mozilla engineer, in a post to the "mozilla.dev.planning" message group Tuesday. "It's free, and your settings and bookmarks will be preserved."

Although the older browser is now officially retired, users can, of course, continue to use it. However, as Sidler mentioned, Mozilla has urged users to upgrade to Firefox 3.0, which launched last June. Since then, it has twice offered what it dubs a "major update" to users of the older browser, hoping to get them to move up. The most recent upgrade offer went out two weeks ago. Mozilla plans to make one final offer sometime early next month.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Firefox

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Father’s Day Gift Guide

Brand Post

PC World Evaluation Team Review - MSI GT75 TITAN

"I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it."

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?