Mozilla discloses fixes to Firefox flaws

Ten flaws were fixed in Firefox 3.6.2, but details of others have been withheld until Mozilla updates the older Firefox 3.0 and Firefox 3.5 browsers

Mozilla patched more than one vulnerability in Firefox when it updated the browser to version 3.6.2 on Monday, the company confirmed today.

A total of 10 flaws were fixed in Firefox 3.6.2, according to Mozilla's security advisory page, but details of others have been withheld until the company updates the older Firefox 3.0 and Firefox 3.5 browsers. Mozilla is scheduled to ship the updates, Firefox 3.0.19 and Firefox 3.5.9, next Tuesday, March 30.

[ Earlier this week Mozilla issued the Firefox 3.6.2 update to fix a critical flaw in its browser. | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Mozilla accelerated the release of Firefox 3.6.2 because a Russian researcher had announced a critical vulnerability in how the browser decodes the Web Open Font Format (WOFF), a Web-based font standard. Only Firefox 3.6 supports WOFF.

However, four of the vulnerabilities already patched in Firefox 3.6.2 also apply to older editions of the browser. One of the 10 fixed flaws that Mozilla ranked as "low" in its four step scoring system, one tagged as "high" and two marked as "critical."

Mozilla patched those bugs last month when it issued Firefox 3.0.18 and Firefox 3.5.8.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is .

Read more about security in Computerworld's Security Knowledge Center.

Correction: This story as originally posted erroneously stated that Mozilla had released technical details of unpatched vulnerabilities. Those flaws were actually patched in February; Mozilla kept that information secret. The article has been amended.