Firefox 16 pulled offline following security flaw find

Summary:A day after Firefox 16 was released, Mozilla pulls the download following the discovery of a severe security flaw.

A day after Firefox 16, the latest Web browser version from Mozilla, was made available on its download sites, Mozilla "temporarily" pulled the plug on the download after a major security flaw was discovered.

firefox-16-zaw2

According to the open-source software giant, the firm is "actively working on a fix and plan to ship updates tomorrow," Mozilla's director of security assurance Michael Coates wrote in a blog post.

"The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters," Coates wrote, but noted that: "At this time we have no indication that this vulnerability is currently being exploited in the wild."

Mozilla has warned users that taking precautionary measures, such as downgrading from Firefox 16 to Firefox 15.0.1, the flaw can be mitigated.

Mozilla is now offering Firefox 15.0.1 instead of the latest version.

Earlier this morning, Mozilla released a patch for Android versions of the browser. The latest version available can be downloaded from the Google Play store.

In June, users warned that HTTPS/SSL-protected websites -- such as banks and online email accounts -- could have their contents viewed by the thumbnail on the new-tab page. Mozilla said there was a "concern" with the browser's privacy and that a fix would be rolled out "in a future version" of the browser.

Topics: Browser, Privacy, Security

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.