http://news.zdnet.com/2100-1009_22-5865882.html?tag=nl.e589

The Mozilla Foundation plans to "shortly" release new versions of its Firefox and Mozilla Web browsers to address a recently disclosed serious security bug as well as several additional flaws, a representative said Wednesday.
The decision for new, so-called point releases was made after the disclosure last week of a problem in the way the browsers handle International Domain Names, or IDNs, Web addresses that use international characters. The vulnerability could let attackers secretly run malicious software on users' PCs. Hackers have been working on exploits for the flaw.
"As soon as we got the report that users might be impacted, we began evaluating our options," said Mike Schroepfer, director of engineering at the Mozilla Foundation. Firefox version 1.0.7 and Mozilla version 1.7.12, which fix the IDN flaw, are now being tested, he said. "We're releasing as soon as we possibly can."
The testing process is to make sure the updates don't introduce any compatibility problems, he said.
In addition to patching the IDN bug, the new releases include one functionality fix and a handful of fixes for as-yet-undisclosed security problems, Schroepfer said.
The Mozilla Foundation, which distributes and coordinates the development of Firefox and Mozilla, responded swiftly to the IDN bug disclosure last week and within 24 hours provided a temporary fix. Though the fix disables support for IDNs, the new updates that are now being tested will actually fix the vulnerability and re-enable IDNs, Schroepfer said.
IDNs have caused trouble for Mozilla in the past. A Firefox security update in February fixed a flaw that would allow domain spoofing using the special domain names.
As the Mozilla Foundation and the open-source community were working on fixing the IDN flaw, the discoverer of that bug reported yet another issue with Firefox. Security researcher Tom Ferris on Wednesday said that Firefox 1.5 beta 1 is vulnerable to a problem similar to the IDN bug he disclosed last week.