Although Mozilla patched one more Firefox bug last week than first reported, the researcher whose work has plagued the open-source browser for weeks has released details about another flaw.
"The big difference in the two browsers is that Firefox 126.96.36.199 displays the correct address for the redirected site in the address bar," Symantec said in a warning Tuesday. "IE7, however, continues to display the URL that the user typed into the address bar, leading to a false sense of security."
Mozilla fixed 15 flaws Friday in Firefox 188.8.131.52 and 184.108.40.206, as opposed to the 14 Computerworld first reported. An overlooked security update in the revised browsers patches another Zalewski vulnerability, Mozilla said Tuesday.
"Firefox 220.127.116.11 update includes fixes for the bugs that researcher Michael Zalewski reported last week, including the hostname vulnerability, cookie issue, and memory corruption issue," Window Snyder, Mozilla's chief security executive, said in an e-mail.
"It was just a mistake," a Mozilla spokesman said regarding why Friday's list of patched bugs had originally omitted the 15th fixed flaw. The list has since been changed to reflect all the included patches.