Mozilla last patched Firefox 2.0 in April.
Firefox 188.8.131.52 addresses 13 vulnerabilities, five of them rated “critical” by the open-source company, according to advisories posted on Mozilla’s site Tuesday. Of the remaining bugs, 4 were labeled “high,” 2 as “moderate,” and 2 as “low.”
Interestingly, one of the critical vulnerabilities isn’t within the browser per se, but crops up only when one or more add-ons, dubbed “extensions” by Mozilla, are also installed. “Firefox itself does not use this feature in a vulnerable way and users who have not installed any add-ons are not at risk,” read the advisory. “We have, however, identified popular add-ons using this feature whose users are at risk and there are no doubt others.”
While some of the vulnerabilities’ advisories specifically said that Firefox 3.0 is not affected or that the bug had been crushed before Mozilla rolled out the final version of its new browser June 17, the two ranked “low” omitted mention of Firefox 3.0.
Firefox 184.108.40.206 can be downloaded from the Mozilla site in versions for Windows, Mac OS X and Linux. Users running Firefox 2.0 can call up the browser’s built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours after Mozilla posts a new version.
Mozilla also noted on its Web site Wednesday that Firefox 2.0 would roll off its support list in the middle of December 2008, approximately six months after the release of Fire 3.0.
“Firefox 2.0.0.x will be maintained with security and stability updates until mid-December, 2008,” the company said. “All users are encouraged to upgrade to Firefox 3.”
Mozilla’s standard policy is to support older software for only six months after the release of a major update. Last year, however, the company extended the support lifespan of Firefox 1.5 by about a month, saying it needed more time to craft one last security patch for the browser.
This story, "Mozilla patches 13 bugs in Firefox 2" was originally published by Computerworld.