Mozilla Pulls Firefox 16 Due to Security Flaw [Updated]
[Update: Mozilla has released Firefox 16.0.1, which fixes the security flaw described below. The latest version of Firefox is available from the Mozilla downloads page.]
Just a day after releasing Firefox 16, Mozilla has pulled the update due to a serious security vulnerability.
Mozilla’s Director of Security Assurance, Michael Coates, writes on the Mozilla Security Blog that the company is “working on a fix” and plans to ship an updated version of Firefox 16 “tomorrow”, which would be October 11. At the time of writing the Firefox download page is still offering Firefox 15.
The vulnerability could allow a malicious site to “potentially determine which websites users have visited and have access to the URL or URL parameters.” While Coates says that there is “no indication that this vulnerability is currently being exploited in the wild,” he does suggest downgrading to Firefox 15 as a precaution.
Firefox 15 is unaffected but it’s unclear if the same exploit is present in the later versions of Firefox currently in the Beta, Aurora and Nightly Channels. Of course those are all pre-release versions where bugs and vulnerabilities are expected the crop up.