[shadow] "As soon as we got the report that users might be impacted, we began evaluating our options," said Mike Schroepfer, director of engineering at the Mozilla Foundation. Firefox version 1.0.7 and Mozilla version 1.7.12, which fix the IDN flaw, are now being tested, he said. "We're releasing as soon as we possibly can."
The testing process is to make sure the updates don't introduce any compatibility problems, he said.
In addition to patching the IDN bug, the new releases include one functionality fix and a handful of fixes for yet undisclosed security problems, Schroepfer said.
The Mozilla Foundation, which distributes and coordinates the development of Firefox and Mozilla, responded swiftly to the IDN bug disclosure last week and within 24 hours provided a temporary fix. Though the fix disables support for IDNs, the new updates that are now being tested will actually fix the vulnerability and re-enable IDNs, Schroepfer said. [/shadow]