Mozilla Corp. yesterday took the unusual step of patching a single vulnerability in its Firefox browser, but it will resume regular multiple-fix security updates with the next release, which is slated to debut before April 24.


Firefox 2.0.0.3 and Firefox 1.5.0.11 — Mozilla currently supports two branches of the open-source application — both fix a single flaw, according to the release notes posted on the company’s Web site.


Mozilla said that the patched bug, though rated as a low threat, could be used by attackers to run a rudimentary port scan of systems within the same perimeter as the victimized machine. The attacker, however, would have to craft a malicious Web site and host it on an FTP server and then con users into visiting the page.


ComputerWorld