Sometimes you get the flaw fixed right the first time and sometimes you don't.
Mozilla has apparently not properly fixed at least two types of flaws that it previously claimed to have fixed.
Last week Mozilla released Firefox 2.0.0.5, which was supposed to have fixed a flaw that Mozilla claimed was caused by Microsoft's Internet Explorer.
The flaw had originally been reported on July 10 and involves the "firefoxurl://" uniform resource identifier (URI) handler, which enables Firefox to call on other Web resources.
As part of the 2.0.0.5 release, Mozilla issued an advisory about the "firefoxurl://" handler, stating: "This fix only prevents Firefox and Thunderbird from accepting bad data. This patch does not fix the vulnerability in Internet Explorer."
It turns out that Internet Explorer isn't the only entry point for bad data into Firefox.
"We thought this was just a problem with IE. It turns out, it is a problem with Firefox as well," Window Snyder, Mozilla's chief security officer, wrote in her blog.
"We should have caught this scenario when we fixed the related problem in 2.0.0.5. We believe that defense in depth is the best way to protect people, so we're investigating it now."
Mozilla may also have another lagging security issue related to its password manager system that stores user passwords.
Security researchers at Heise Security have alleged that the password manager flaw, which first appeared in November 2006 and was claimed to have been fixed in the Firefox 2.0.0.2 update in February 2007, is still open.
Claims that the password manager was not completely fixed are not new; in March of this year, security researcher Robert Chapin alleged that users were still at risk from the password manager.
This article was first published on InternetNews.com.