Mozilla on Monday released security updates for Firefox 2 and Firefox 1.5. Security updates for Firefox 1.5 will be available only until April 24, 2007, when Mozilla will stop supporting the earlier version. Mozilla is encouraging current 1.5 users to upgrade to 2.0 soon. Current users of Firefox 2.0 and 1.5 will receive an automatic update notification and will need to reload the browser for the changes to take effect. Changes in this update patch a flaw in the FTP protocol used by Firefox.
It has been reported that a specially-coded FTP server could use this vulnerability to perform a rudimentary port-scan of machines inside the firewall. Mozilla says the vulnerability by itself poses no danger, but information about an internal network may be revealed and become useful to an attacker should there be other vulnerabilities present on the network. This update was first tested in beta release by Mozilla a few days ago.