
Security Alert: Mozilla Recommends Downgrade from FF16

Source: Mozilla | 20 comments

Mozilla said it is working on a vulnerability that affects the most recent release of its Firefox browser.

While it is working on a fix, Mozilla has removed the download of Firefox 16 and replaced it with Firefox 15.0.1, which is not affected by the issue. Users who have already upgraded to version 16 are advised to downgrade to version 15.

According to Mozilla, the confirmed vulnerability "could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters." Mozilla said it is not aware of any public exploits at this time.

Users who do not want to downgrade to version 15 "can wait until [Mozilla's] patches are issued and automatically applied to address the vulnerability," wrote Mozilla's Michael Coates in a blog post. Of course, that also means the security issue will persist until the fix is available.

[UPDATE] Panic over, everyone. Reader Ira Milner tells us that Firefox 16.01 is now available for download. You can grab it here.

Top Comments
  • 15
    esrever , October 11, 2012 6:31 PM
    Well, I'm way too lazy to downgrade.
  • 10
    deadlockedworld , October 11, 2012 6:34 PM
    My Firefox just updated itself to vers 16 WHILE READING THIS ARTICLE. You would think they would have the common decency to retract the autoupdate before/at the same time as issuing this.
Other Comments
  • 3
    mousseng , October 11, 2012 6:37 PM
    Funny. Was looking for their older FF releases the other day (they used to host all of them somewhere) and the download page said something to the effect of "our latest releases are the most secure."
  • 0
    confish21 , October 11, 2012 6:38 PM
    so Android version huh? https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/

    does this mean the same for desktops?
  • 0
    yarmock , October 11, 2012 6:39 PM
    You are the one who set the update option to automatically. Just set it to the middle option so it doesn't install automatically.
  • 5
    Bloob , October 11, 2012 6:48 PM
    Well, the version is 16.01 now, and it is what they offer in the main page, so I think it is fixed.
  • 5
    jupiter optimus maximus , October 11, 2012 6:49 PM
    I will just wait. I have noscript, ghostery, request policy, https everywhere, wot, flashblock, better privacy, and adblock addons working together. I think that is enough for the moment, just don't need to visit suspicious sites.
  • 2
    puddleglum , October 11, 2012 6:53 PM
    This is just the kind of PR that FF does not need right now.
  • 0
    COLGeek , October 11, 2012 6:55 PM
    A minor black-eye for FF. Let's do better next time, Mozilla. Thanks.
  • 0
    deadlockedworld , October 11, 2012 6:58 PM
    yarmock wrote: "You are the one who set the update option to automatically. Just set it to the middle option so it doesn't install automatically."

    Yea yea I know. But still, they could have turned it off for us common people.
  • 0
    icepick314 , October 11, 2012 7:25 PM
    yay for being lazy...

    I was deciding whether to downgrade but the problem didn't sound too bad...

    but it didn't do auto update...I had to check update myself...
  • 1
    jaquith , October 11, 2012 7:53 PM
    I'm running 16.0.1 so I ass-u-me the exploit is fixed?!

    /edit - just noticed the 'update' - okay I can relax. :) 
  • 1
    SirGCal , October 11, 2012 8:39 PM
    COLGeek wrote: "A minor black-eye for FF. Let's do better next time, Mozilla. Thanks."

    Actually, I don't agree. I think it shows a lot of character to step up and claim responsibility and do so quickly AND pump out the fix quickly as well. They could have done like 'the others' and just brushed it under the rug and did a sly update and denied any problems. Kudos to them for stepping up! is what I say.
  • 0
    Anonymous , October 11, 2012 9:20 PM
    Good thing that I'm 19 then.
  • 1
    shovenose2 , October 11, 2012 9:42 PM
    use the new logo please in your articles...
  • 0
    wlachan , October 11, 2012 9:53 PM
    Disable "warn me when closing multi tabs" still doesn't work, so are script/flash crashes.
  • 0
    rb420 , October 11, 2012 10:23 PM
    I personally use Waterfox rather than Firefox. (It is still on version 15 and unaffected.) I don't know why more people don't switch....
  • 0
    shovenose2 , October 11, 2012 10:46 PM
    Waterfox is nice because it's 64-bit but I personally prefer to run the actual Mozilla Firefox for faster updates...
  • 0
    Anonymous , October 11, 2012 11:37 PM
    Google flights doesn't work properly with 16.01. Proper functioning available with 15.01. 16.01 not ready for prime time.
  • 1
    assasin32 , October 12, 2012 1:08 AM
    Hmm I still got Firefox 3.X not sure what it was before they screwed with the interface and started adopting Chrome's "fast" releases or counting fast which is how I like to look at it. Seemed like Firefox slowly lost their way and started adopting their competitors' styles so I switched to Chrome, it seemed like the better of the two between that and IE.