Mozilla pulls Firefox 16 patch coming today
Whenever a new Firefox version gets released, chances are quite high that Mozilla will push out an update soon thereafter to fix a issue in the browser that was not discovered during development. It is the same for Firefox 16, the latest stable release version of the browser released on Tuesday this week.
A security vulnerability was detected in the version that forced Mozilla to do something that I believe it has never done before: pull Firefox 16 from the Mozilla website and ask existing users to downgrade their version of the browser to Firefox 15.0.1, the previous stable version of Firefox.
The company is working on a fix for the issue and plans to ship an update later today. Firefox 16 and Firefox 15.0.1 should receive the update automatically, provided that the automatic update feature of the browser has not been disabled.
Mozilla is keeping tight lipped about the vulnerability, but notes that it needs to be run on websites and that there are currently no signs of it being exploited in the wild.
The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. At this time we have no indication that this vulnerability is currently being exploited in the wild.
As far as downgrading goes, the blog post refers to a page on how to do that on the Mozilla website that unfortunately does not contain any information. If you want to downgrade Firefox, simply download Firefox 15.0.1 to your computer and run the installer afterwards. This will replace Firefox 16 with the newly downloaded older version. Expect to be updated to Firefox 16.0.1 in the next 24 hour period though.
Another option would be to switch to a secondary browser for that time, and start using Firefox again once the security vulnerability in the browser has been dealt with.
Update: Firefox 16.0.1 is now available on the Mozilla website and via automatic updates.
Advertisement
Hello Martin, & everyone. I just want to know why is it that older versions of Firefox remains listed in Control Panel > All Control Panel Items > Programs and Features. First time it happened is when I updated v15 to v15.0.1. With v14 & earlier versions, nothing like this at all. Thanks.
I love it. In the comments section on tech sites everywhere, people are having a go at Mozilla, moaning about the withdrawal of Fx 16 and how bad it looks. But as this news breaks, 16.0.1 is released, and no doubt the same security fix will be included in the latest versions of the nightly, aurora and beta releases as well. People need to relax. Mozilla will have made the announcement about this problem long after they started work on a fix. Now the problem is fixed. Storm in a teacup. Mountain out of a molehill etc.
http://www.mozilla.org/en-US/firefox/new/
Firefox 16.0.1 released
Firefox 16.0.1 released, website will be updated soon.
Like I said, it’s no big deal, Mozilla has already fixed it, being paranoid and stupid has no place in this world. If you’re not willing to accept progress, your loss, not anyone else.
Martin, thx for your timely and consistent update/alerts. I would rarely (if ever) know when stuff gets updates or recalls unless it was for this blog.
I know your comments section sometimes doesn’t get you much love. I just wanted to let you know I don’t take you for granted. Thx and keep up the good work!
Indeed. Thanks.
This is the reason why I don’t run out and get something just because it’s the “new latest” version, thing, phone, etc. History shows it usually bites you in the ass to be on the bleeding edge. Many times.
So true, but that’s something everyone has to learn at some point. I guess that there has to be some ass-biting to understand that in the first place.
There is nothing wrong with rapid release or testing, each branch, Nightly, Aurora and Beta goes through 6 weeks of testing. Thats 18 weeks of testing.
Even Google had to fix their overrated browser after it was hacked again at Pwnium 2.
Rapid release works and it gets the performance improvements and bug fixes out faster to all users. Instead of waiting 1 year like how it was with Firefox 4.0, you get it every 6 weeks.
It is a bit different than you describe it. The rapid release means too much work needs to be done for 3 or 4 versions ahead. Just one look at Ghacks articles make it obvious, Martin has screenshots of somethings that may make it into 19 even before 16 is out.
You’re wrong, I’m not gonna bother to explain to you, stick with your luddite ways. The rapid release works, features that are ready gets on the train, features that are not ready are pushed to the next release train.
And this is already fixed and 16.0.1 is already released. So yeah, keep up with your outdated, obsolete thinking.
This news proves me that there is something completely wrong with Mozilla’s testing procedures. They are focusing on the wrong points, like the new planned Australis look, social media integration in Firefox and more of this stuff. Security, stability, speed and usability are most important topics to focus on, in my opinion.
Maybe there is a change in leadership needed in the Mozilla organisation.
It’s a bit disappointing to see Mozilla push out 2 consecutive Firefox releases (v15 and now v16) with major privacy-related bugs.