Firefox 2 and 1.5 security updates released

Mozilla will support Firefox 1.5 only until April 24; users are encouraged to update to 2.0.

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

March 21, 2007 4:09 a.m. PT

Mozilla on Monday released security updates for Firefox 2 and Firefox 1.5. Security updates for Firefox 1.5 will be available only until April 24, 2007, when Mozilla will stop supporting the earlier version. Mozilla is encouraging current 1.5 users to upgrade to 2.0 soon. Current users of Firefox 2.0 and 1.5 will receive an automatic update notification and will need to reload the browser for the changes to take effect. Changes in this update patch a flaw in the FTP protocol used by Firefox.

It has been reported that a specially-coded FTP server could use this vulnerability to perform a rudimentary port-scan of machines inside the firewall. Mozilla says the vulnerability by itself poses no danger, but information about an internal network may be revealed and become useful to an attacker should there be other vulnerabilities present on the network. This update was first tested in beta release by Mozilla a few days ago.