Mozilla Readies Patched Firefox
The "release candidates," which aren't quite final but are available for download and testing, fix the vulnerability in the browsers' support for international domain names (IDN). Other security patches have been added to the new versions -- dubbed Firefox 1.0.7 and Mozilla 1.7.12 -- including regression fixes for problems which popped up again after once being corrected.
Release candidates for both Firefox and Mozilla in editions that run under Windows, Mac OS X, and Linux can be downloaded from the Mozilla Quality site.
Although the IDN bug also affects Firefox 1.5 Beta 1, that preview version, intended primarily for developers, has not yet been patched. A workaround earlier offered by Mozilla, however, will disable IDN support in the beta and block any exploit.