Editor’s Note: This story is excerpted from
Computerworld. For more Mac coverage, visit
Computerworld’s Macintosh Knowledge Center.
After patching its older
Firefox 2.0 Tuesday to quash 13 bugs,
Mozilla announced that it would end support for the browser in mid-December.
last patched Firefox 2.0 in April.
Firefox 220.127.116.11 addresses 13 vulnerabilities, five of them rated “critical” by the open-source company, according to
advisories posted on Mozilla’s site Tuesday. Of the remaining bugs, 4 were labeled “high,” 2 as “moderate,” and 2 as “low.”
Three of the five critical flaws could be exploited by attackers to execute malicious code, said Mozilla, while the
Interestingly, one of the critical vulnerabilities isn’t within the browser per se, but crops up only when one or more add-ons, dubbed “extensions” by Mozilla, are also installed. “Firefox itself does not use this feature in a vulnerable way and users who have not installed any add-ons are not at risk,” read the
advisory. “We have, however, identified popular add-ons using this feature whose users are at risk and there are no doubt others.”
Among the extensions called out by Firefox programmers in the
write-up on Bugzilla, Mozilla’s bug tracking and management system, was
Google’s Google Toolbar.
While some of the vulnerabilities’ advisories specifically said that Firefox 3.0 is not affected or that the bug had been crushed before Mozilla rolled out the final version of its new browser June 17, the two ranked “low” omitted mention of Firefox 3.0.
Firefox 18.104.22.168 can be downloaded from the
Mozilla site in versions for Windows,
Mac OS X and Linux. Users running Firefox 2.0 can call up the browser’s built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours after Mozilla posts a new version.
Mozilla also noted on its Web site Wednesday that Firefox 2.0 would roll off its support list in the middle of December 2008, approximately six months after the release of Fire 3.0.
“Firefox 2.0.0.x will be maintained with security and stability updates until mid-December, 2008,” the company said. “All users are encouraged to upgrade to Firefox 3.”
Mozilla’s standard policy is to support older software for only six months after the release of a major update. Last year, however, the company
extended the support lifespan of Firefox 1.5 by about a month, saying it needed more time to craft one last security patch for the browser.