Mozilla Corp. patched its flagship Firefox browser Thursday with fixes for six vulnerabilities, one of which was stamped "critical" by the open-source developer. This was the third time Mozilla has updated Firefox in 2007.
The updates bring the current browser to Version 220.127.116.11, and the 2005 edition to 18.104.22.168.
The updates also fix a pop-up bug that could be used to mask parts of the browser, such as the address bar; a cross-site scripting vulnerability; a problem with how the browsers handle cookies; and a flaw that could let attackers crash Firefox using its autocomplete feature.
Firefox 22.214.171.124 can be downloaded from the Mozilla Web site for Windows, Mac OS X and Linux; Firefox 126.96.36.199, meanwhile, is available from a different page. Current users can also update using the Check for Updates command in the help menu.
Mozilla also reiterated that Thursday's patches would be Firefox 1.5's last, and said that an update to Firefox 188.8.131.52 would be offered to its users "over the coming weeks."
Although Firefox ended 2006 on an upbeat security note according to Symantec Corp. -- the anti-virus vendor tallied 40 patches in the last six months of the year, 26 percent fewer than the 54 released for rival browser Internet Explorer -- so far this year, Mozilla has addressed more than twice as many vulnerabilities as IE. In the first five months of 2007, 22 bugs in Firefox have been patched, 9 of which were pegged as critical. Microsoft Corp. has fixed only 8 in IE; 7 were labeled critical.