Mozilla has released the latest update for its Firefox web browser. Firefox version 2.0.0.2 patches 14 recently discovered security holes , three of them critical, but does not include patches for several security flaws found this month by Polish researcher Michal Zelewski.
"Neither of those will make this release," said Daniel Veditz of the Mozilla security team. "It is important that we get the security fixes we have into the hands of our users."
Of the bugs found by Zelewski that haven't been fixed in the latest Firefox updates, the most serious is a memory corruption flaw that could let attackers inject code remotely into computers running Firefox by simply luring users to visiting a malicious web page.
"Firefox is susceptible to a seemingly pretty nasty, and apparently easily exploitable, memory corruption vulnerability," wrote Zelewski in the Bugzilla database. Also unrepaired in the latest browser versions is a third bug reported by Zelewski that could benefit cybercriminals when running phishing attacks.
The 2.0.0.2 version adds better support for Microsoft's Windows Vista operating system. There are still a few functions that won't work in Windows Vista but, according to Mozilla, these will be fixed in the next Firefox update.
"Due to the security fixes, we strongly recommend that all Firefox users upgrade to these latest releases," Mozilla said in a post on its development site. The Firefox update can be found in the Check for Updates command in the Help menu, or downloaded from Mozilla's website .
Mozilla also said it would stop issuing security and stability updates to Firefox 1.5.0.10 on 24 April.
