Firefox 16 pulled offline following security flaw find

Summary: A day after Firefox 16 was released, Mozilla pulls the download following the discovery of a severe security flaw.


A day after Firefox 16, the latest Web browser version from Mozilla, was made available on its download sites, Mozilla "temporarily" pulled the plug on the download after a major security flaw was discovered.


The firm is "actively working on a fix and plan to ship updates tomorrow," Mozilla's director of security assurance Michael Coates wrote in a blog post.

"The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters," Coates wrote, but noted that: "At this time we have no indication that this vulnerability is currently being exploited in the wild."

Mozilla has advised users that the flaw can be mitigated by taking precautionary measures, such as downgrading from Firefox 16 to Firefox 15.0.1.

Mozilla is now offering Firefox 15.0.1 instead of the latest version.

Earlier this morning, Mozilla released a patch for Android versions of the browser. The latest version available can be downloaded from the Google Play store.

In June, users warned that HTTPS/SSL-protected websites -- such as banks and online email accounts -- could have their contents viewed via the thumbnail on the new-tab page. Mozilla said there was a "concern" with the browser's privacy and that a fix would be rolled out "in a future version" of the browser.

Topics: Browser, Privacy, Security

  • How is this a security flaw?

    "The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters,"

    So what if you have access to the sites I've visited or my query strings?
    General C#
    • umm...

      Why don't you just post up your name and address here? So what if someone knows it?
  • Is Mozilla's 6 week release cycle too short?

    Why not back off a bit? How about an 8 week release cycle?

    This flaw was clearly introduced with Firefox 16. Otherwise, Mozilla wouldn't have warned users to downgrade to Firefox 15.0.1. Which begs yet another question, why recommend the downgrade when there are a whole host of security vulnerabilities for Firefox 15?
    Rabid Howler Monkey
  • Has Firefox become its own worst problem?

    Maybe the single biggest problem for Firefox is itself. I have always questioned its frequent updates just as a point to keep up with Chrome which I question their frequent version changes too. But releasing a new version and finding a flaw so soon after its release has to send up some sort of warning to Mozilla that maybe this frequent cycle is not so good. But just pulling the update of version 16 does not address those that had it automatically update already? Should they downgrade? Or should they implement some sort of temp solution? It seems Mozilla fails to address the more important issue of the current users of Firefox 16.
    • become?

      Mozilla has been its own worst enemy for years, ever since Chrome started to pull away Firefox users. Mozilla's response: make Firefox look more like Chrome to drive away even more Firefox users.

      I use Firefox because 3rd party add-on developers make it the best browser for me despite the efforts of the Mozilla developers to fubar Firefox.

      Tangent: I don't think Firefox users should have a vote in Firefox design decisions, but I think add-on developers whose add-ons have been downloaded 10,000 or more times should have as much say in Firefox's design as Mozilla developers. That should include deciding whether the current release cycle is too short.
  • Firefox 16 pulled offline following security flaw find

    That explains why I couldn't install it last night. Hoping for a speedy fix.
    Loverock Davidson-
  • RE: Fixed

    Version 16.0.1 is out. I just upgraded to it via the Help/About Firefox method.
  • Honesty? Thanks Mozilla

    The really funny thing about this is none of the other Browser Builders even mention any faults, they just pump out patches. And who are we kidding? Online is just a spy vs spy highway.
  • The Trouble with Rehashing Old News!!!!

    The FF Beta Release channel is already up to version 19, so a story represented as news is obsolete. Many times a story 3 or 4 months or older only presents obsolete information. It was probably OK at the time of release, but talking about FF16 when the latest release is FF19 doesn't present much of any value. When we talk about Browsers and some other software, the information goes out of relevance quickly.
  • Old News?

    rgeiken@, and the point of your comment posted months later is...?... As you yourself said, "it was probably ok at the time". It was.

    You can be the fellow who selectively deletes 'old news' on tech websites...