Mozilla announced yesterday that it would release a security patch for its popular Firefox browser that would repair a long-standing security flaw. The 2.0.0.10 update is currently in testing, but it is to be launched next week. "We are giving it a couple of days to make sure that there are no issues found and we'll release it after Thanksgiving," Mike Schroepfer, Mozilla Corp.’s vice president of engineering, said yesterday.
The company is calling on the open source Internet browser community to test the browser during a quality assurance “testday” this Friday.
The 2.0.0.10 update is important because the flaw it fixes was first reported last February, although it gained widespread attention only earlier this month, when researcher Petko Petkov wrote about it on his blog, saying that the issue could be used to launch a cross-site scripting attack against Mozilla’s popular browser.
The problem stems from Firefox’s failure to properly check files that are compressed with the Java Archive (.jar) format, which allows hackers to sneak malicious code into JAR-compressed documents.
Mozilla is also currently developing Firefox 3.0, which will bring new security features and tools and is set to launch in early 2008.