Mozilla has taken the unusual step of patching a single vulnerability in its Firefox open source browser, but it will resume regular multiple-fix security updates with the next release, which is due before 24 April.
Firefox 220.127.116.11 and Firefox 18.104.22.168 - Mozilla currently supports two branches of the open-source application - both fix a single flaw, according to the release notes posted on the company's Web site.
Mozilla said that the patched bug, though rated as a low threat, could be used by attackers to run a rudimentary port scan of systems within the same perimeter as the compromised machine. The attacker, however, would have to craft a malicious Web site, host it on an FTP server and then con users into visiting the page.
Earlier this month, Mozilla highlighted the problem this new patch fixes, saying it had inadvertently created a "regression" bug, an unintended flaw introduced by changes to an earlier version of the browser.
Although Mozilla announced last year that it would stop issuing security updates for Firefox 1.5 from 24 April, it seems one last batch of patches will be released for the older edition. A message from a Mozilla developer posted more than two weeks ago said that the next versions, 22.214.171.124 and 126.96.36.199, would be "the next regular security/stability releases".
By security software supplier Symantec's count, Firefox on an upbeat note on security; it received patches for 40 bugs in the last six months of the year, compared to the 54 fixes released for rival browser Internet Explorer.
So far in 2007, Mozilla has addressed nine bugs in Firefox, while Microsoft has fixed four in IE.