Update: Mozilla has patched Firefox 16 for a major vulnerability and has re-released the updated browser for download on its main site. Original story below.
Just a day after releasing the newest version of Firefox, version 16, Mozilla has pulled the updated browser over security concerns and advised those who already upgraded to roll back to version 15.
Mozilla noted that it is “actively working” to ship a version of 16 without the security issue and expects it be available Thursday. But “as a precaution,” Mozilla said users should consider downgrading to last version, 15.0.1. That is available for download here.
Michael Coates, Mozilla Director of Security Assurance, said in blog post that the vulnerability could “allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters.”
You can read the full blog post below:
Issue: Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). We are actively working on a fix and plan to ship updates tomorrow. Firefox version 15 is unaffected.
Impact: The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. At this time we have no indication that this vulnerability is currently being exploited in the wild.
Status: Firefox 16 has been temporarily removed from the current installer page and users will automatically be upgraded to the new version as soon as it becomes available. As a precaution, users can downgrade to version 15.0.1 by following these instructions [http://www.mozilla.org/firefox/new/]. Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability.
Red panda photo via ogwen/Flickr
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.