Minor updates for Firefox
The Mozilla Foundation has made versions 184.108.40.206 and 220.127.116.11 of their stand-alone Web browser Firefox for Linux, Mac OS X and Windows available for download. These remove security holes that had enabled attackers to carry out port scans on LANs with the help of a modified FTP server. These scans could have been used to determine networked topology or search for vulnerabilities. They were possible on account of the PASV command, which is used by Firefox to request an alternate data port. The specification of the FTP protocol allowed the server response to include an alternate server address. The new version now simply ignores the alternate server address. In addition, Firefox 18.104.22.168 is said to be compatible with more websites than its predecessor.
The 1.5.0.x branch of Firefox will no longer be supplied with updates after April 24, Mozilla declared. Users have been advised to switch to 22.214.171.124; not least because the more up-to-date branch was more suitable for Windows Vista, the company stated.