Mozilla Corp. yesterday took the unusual step of patching a single
vulnerability in its Firefox browser, but it will resume regular
multiple-fix security updates with the next release, which is slated to
debut before April 24.
Firefox 22.214.171.124 and Firefox 126.96.36.199 — Mozilla currently
supports two branches of the open-source application — both fix a
single flaw, according to the release notes posted on the company’s Web site.
Mozilla said that the patched bug, though rated as a low threat, could
be used by attackers to run a rudimentary port scan of systems within
the same perimeter as the victimized machine. The attacker, however,
would have to craft a malicious Web site and host it on an FTP server
and then con users into visiting the page.