Mozilla Withdraws Firefox 16 Due To Security Flaw

Mozilla has admitted to a FireFox 16 security flaw that could allow a malicious site to see what websites users have been visiting.

The developer says that it has not seen any indication of the flaw being exposed in the wild but as a precaution it has withdrawn the latest version of its web browser while it fixes the problem.

It has provided instructions for users who want to downgrade to Firefox 15.0.1, the last version unaffected by the flaw, but this will not be done automatically.

Firefox 16 Security Flaw

“Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). We are actively working on a fix and plan to ship updates tomorrow. Firefox version 15 is unaffected,” said Michael Coates, Director of Security Assurance. “The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters.  At this time we have no indication that this vulnerability is currently being exploited in the wild.”

“Firefox 16 has been temporarily removed from the current installer page and users will automatically be upgraded to the new version as soon as it becomes available.  As a precaution, users can downgrade to version 15.0.1,” he continued. “Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability.”

It is believed that the flaw affects all versions of Firefox 16, including Windows, Mac, Linux and Android. A patch for the Android browser has been rolled out and can be downloaded from the Google Play store now.

Last month, Mozilla was forced to issue a quick fix to an embarrassing flaw in Firefox 15 that exposed the activity of those using private browsing mode.

What do you know about Firefox? Find out with our quiz!