Firefox users will be receiving automatic updates to their Firefox 1.5 and 2.0 browsers after the Mozilla Foundation released updated versions of the code.
A variety of features have been fixed mostly concerned with usability. Only one part of the update is security related, pertaining to the FTP protocol found in both versions of the browser.
"The specification of the FTP protocol allows the server response to include an alternative server address, although this is rarely used in practice," said Mozilla.
"A user reported that a malicious web page hosted on a specially-coded FTP server could use this feature to perform a rudimentary port scan of machines inside the firewall of the victim.
"By itself this causes no harm, but information about an internal network may be useful to an attacker should there be other vulnerabilities present on the network."
Other issues fixed in version 2.0 include allowing software updates on computers where the user does not have administrator access, and modifications to the way the browser handles sites like Gmail when the browser is restored after a crash.
It also fixes various compatibility problems with Windows Vista, for which Mozilla suggests Firefox 2.0 as the preferred browser.
Version 1.5 fixes include resolutions to the numerous problems with Apple computers using the Rosetta translator, PDF incompatibility for Windows machines and a fix allowing proper use of Gnome with Fedora Core 3.
Mozilla is recommending all users to upgrade to version 2.0 of the browser before support for version 1.5 is cut off on 24 April, although the older software is still available for download.
Firefox users urged to update
By Iain Thomson on Mar 22, 2007 11:55AM