Mozilla Fixes Security Flaws in Firefox 25 as Interface Updates Debut
In a rare occurrence, Mozilla developers release an out-of-band update that patches five security flaws in Firefox 25.0.1.Open-source Web development organization Mozilla is patching its Firefox Web browser with a rare out-of-band update that addresses five security flaws. The new Firefox 25.0.1 update comes as Mozilla is gearing up its much-anticipated Australis user interface update that will overhaul the way the open-source browser looks. Mozilla moved to a rapid release cycle in 2011 with the debut of Firefox 5; ever since then, new Firefox releases have come out every six to eight weeks in rapid succession, typically without the need for any incremental point update in between. Firefox 25 debuted at the end of October, providing 10 security updates, and is now being updated by Mozilla with a Firefox 25.0.1 point release, fixing five more issues. As to why Mozilla is issuing the security update now and not waiting another two or three weeks until Firefox 26 is released, the company is acting with an abundance of caution to protect its users. "Mozilla is not aware of any active exploits for these issues," Johnathan Nightingale, vice president of Firefox Engineering at Mozilla, told eWEEK. "Nevertheless, once the issue was public, a determined attacker could exploit it. The safest choice was to update our users swiftly."
All five security issues in the Firefox 25.0.1 update involve the Network Security Services (NSS) library, which is the common library that provides a security component to Mozilla applications.