Security Alert: Mozilla Recommends Downgrade from FF16
Mozilla said it is working on a vulnerability that affects the most recent release of its Firefox browser.
While it is working on a fix, Mozilla has removed the download of Firefox 16 and replaced it with Firefox 15.0.1, which is not affected by the issue. Users who already upgraded to version 16 are recommended to downgrade back to version 15.
According to Mozilla, the confirmed vulnerability "could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters." Mozilla said it is not aware of any public exploits at this time.
Users who do not want to downgrade to version 15, "can wait until [Mozilla's] patches are issued and automatically applied to address the vulnerability," wrote Mozilla's Michael Coates in a blog post. Of course, that would also mean that the security issue will persist until the fix is available.
[UPDATE] Panic over, everyone. Reader Ira Milner tells us that Firefox 16.01 is now available for download. You can grab it here.
Contact Us for News Tips, Corrections and Feedback
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
-
deadlockedworld My firefox just updated itself to vers 16 WHILE READING THIS ARTICLE. You would think they would have the common decency to retract the autoupdate before/at the same time as issuing this.Reply -
mousseng Funny. Was looking for their older FF releases the other day (they used to host all of them somewhere) and the download page said something to the effect of "our latest releases are the most secure."Reply -
confish21 so Android version huh? https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/Reply
does this mean the same for desktops? -
You are the one who set the update option to automatically. Just set it to the middle option so it doesn't install automatically.Reply
-
Bloob Well, the version is 16.01 now, and it is what they offer in the main page, so I think it is fixed.Reply -
I will just wait. I have noscript, ghostery, request policy, https everywhere, wot, flashblock, better privacy, and adblock addons working together. I think that is enough for the moment, just don't need to visit suspicious sites.Reply
-
deadlockedworld yarmockYou are the one who set the update option to automatically. Just set it to the middle option so it doesn't install automatically.Reply
Yea yea I know. But still, they could have turned it off for us common people.