Mozilla pulls day-old Firefox 16 from download site over security risk

 

One day after the release of Firefox 16, Mozilla said it has "temporarily removed" the latest version of its browser because of a security flaw that the company is trying to fix as quickly as possible. The unusual precaution suggests the flaw is a serious one, but there are no reports of it being exploited.

"The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters," Mozilla Director of Security Assurance Michael Coates wrote. "At this time we have no indication that this vulnerability is currently being exploited in the wild."

Mozilla plans to ship updates tomorrow. But "as a precaution," Mozilla said users may consider downgrading to version 15.0.1, and pointed them to the 15.0.1 download page. "Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability," Mozilla wrote. Firefox 15 is not affected by the vulnerability.

While the primary Mozilla download site now shows Firefox 15.0.1, Firefox 16 can still be downloaded as of this writing from a separate Mozilla page that lists all the language-specific versions of the browser. Firefox 16 itself fixed 14 vulnerabilities in version 15, including 11 that could allow attackers to install software without any user interaction beyond normal browsing.

Related articles, courtesy of Zemanta:

• Firefox 16.0 Officially Lands in Ubuntu
• Download Mozilla Firefox 16.0 for Linux
• Mozilla looking to simplify browser experience for tablets
• More HTML5 deemed ready-to-use in Firefox 16
• Mozilla looking to simplify browser experience for tablets
• Firefox browser coming to Windows 8 tablets

Posted in: Others