Firefox 16 has a huge security vulnerability, do not upgrade until Firefox 16.0.1 is released

Update: Firefox 16.0.1 is out now. See this article for more information.

As I was trolling the web to find interesting tidbits to share with dotTechies, I learned that Firefox 16 has been released. I set the story aside for publication later in the day. Once later in the day arrives, as I sit down to write and edit articles, I see something about Firefox 16 being cancelled. Huh?

Apparently Firefox 16 has a significant security vulnerability that has forced Mozilla to remove it from Mozilla’s website and stop pushing it to users. Here is what Mozilla has to say about it:

Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). We are actively working on a fix and plan to ship updates tomorrow. Firefox version 15 is unaffected.

The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. At this time we have no indication that this vulnerability is currently being exploited in the wild.

Firefox 16 has been temporarily removed from the current installer page and users will automatically be upgraded to the new version as soon as it becomes available. As a precaution, users can downgrade to version 15.0.1 by following these instructions. Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability.

“The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters”? Sounds semi-scary. Mozilla will release a patched Firefox 16.0.1 tomorrow to fix the issue — don’t update until then. If you have already updated, Mozilla wants you to downgrade to Firefox 15.0.1, but I simply suggest you stop using Firefox for the night.

Epic fail, Mozilla.

[Thanks Grantwhy!]

  • Ashraf

    @Everyone: Firefox 16.0.1 is out now. See
    @Eric989: Ouch. That sucks.
    @waynos: You are welcome. I have no idea as to the issue you are mentioning because I haven’t updated, yet.
    @kelltic: You are welcome.
    @Mario: Really? What complaints?
    @sl0j0n: You are welcome!

  • sl0j0n

    Hello, Ashraf.
    Thanks bunches for the warning,
    as I’m on the beta channel,
    so I’ve already got it.
    I just updated to 16.0.1.
    Thanks again.

    Have a GREAT day, neighbors!

  • Mario

    I haven’t even installed 15.0.1 yet, ’cause there are too many complaints about it…

  • kelltic

    Thanks for the warning. Leaving FF alone until I hear it’s been fixed. Luckily it isn’t my default browser anymore.

  • waynos

    Thanks Ashraf for the post, I have FF 15 at the moment and after some friends reported getting spam after visiting foxtel for the first time I checked my settings and found that if you visit your WEB email then look at the sites visited under the new tab button you will find your actual email address listed instead of the site address, waynos @ instead of your IP companies address. If you click “remove” it reverts to your web mail carriers address. I don’t know how dangerous this is?

  • Eric989

    Being a dial-up user, it usually takes several days for me to get around to upgrading my programs. So I make an exception for Firefox 16 and look what happens.