Firefox 16.0.2, Thunderbird 16.0.2 released
Mozilla is currently in the process of rolling out an update for the stable version of Firefox that is brining the web browser to version 16.0.2 This is in fact the second update in this release period, the first was released shortly after Firefox 16.0 was pulled by Mozilla due to security issues found in the version.
Firefox 16.0.2 fixes critical security vulnerabilities in Firefox's location object. Affected are Firefox stable releases, Firefox Extended Support Releases, Thunderbird stable and ESR, and SeaMonkey. Mozilla notes that the desktop email client Thunderbird is only affected by location issues through RSS feeds or extensions that load web contents. It is however still recommended to upgrade the email client to fix the issues at hand.
Below is a list of issues fixed in the new release:
- Security researcher Mariusz Mlynski reported that the true value of
window.location
could be shadowed by user content through the use of thevalueOf
method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. - Mozilla security researcher moz_bug_r_a4 discovered that the
CheckURL
function inwindow.location
can be forced to return the wrong calling document and principal, allowing a cross-site scripting (XSS) attack. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. - Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the
Location
object, allowing the cross-origin reading of theLocation
object.
Firefox 16.0.2 is already available via automatic update. If your browser has not picked up the new version yet do the following to check for the update manually:
- Click on the Firefox button
- Select Help > About Firefox from the menu that opens up
The browser checks for the update manually and will download and install it afterwards. To manually check for updates in Thunderbird, select Help > About Thunderbird when the email program is open.
You can alternatively download the latest version of Firefox or Thunderbird from Mozilla.
Advertisement
I have never had any problems with FF, TB or automatic updates. Perhaps too much tweaking to get more than there can be got is not a good thing to do?
Having a weird issue. Downloaded thunderbird 16.0.2 running on Windows 8. Inbound emails works great but I can’t send an email. Setting are correct and I can use other email clients. Anyone else having this issue?
I’m not having the issue. Do you get an error message when sending mail fails?
THUNDERBIRD 16.0.2
SEEN this model of stupidity, and arrogance from TB; that is if words mean what is wrote
Silent, Background Updates
Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up. This eliminates the update progress dialog on all platforms and on Windows, it removes the need for the User Access Control dialog, making updating easier and quicker.
OF course, if TB tries that, they’re toast, burnt toast, unwelcome
THUNDERBIRD 16.0.2
Having problems accessing one of my email accounts on yahoo. Firefox will let me into one of my yahoo email accounts but not the other. I’ll be on my sign in page & after I put in my id & password the web page jumps to
https://edit.yahoo.com/config/change_pw?.src=ym&.done=http%3a//mail.yahoo.com&.scrumb=D1iqKKJOnc6
& I get a warning …..
This Connection is Untrusted
You have asked Firefox to connect securely to edit.yahoo.com, but we can’t confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site’s identity can’t be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn’t continue.
edit.yahoo.com uses an invalid security certificate.
The certificate is only valid for *.edit.yahoo.com
(Error code: ssl_error_bad_cert_domain)
Very frustrating.
Those experiencing issues with the new version might want to uninstall ZoneAlarm.
tbird didn’t show 16.02 yet. also doesn’t show it on official website. probably only on ftp but not officially released.
Fuck this update. It broke streaming from putlocker and sockshare.
No Logitech extension. And it still goes “Not responding” occasionally, and doesn’t self-recover.
it is faster and less hang outs
Hmm. The Logitech thing might be it. I recently installed a new unified keyboard. I don’t know if that coincides with the constant crashing of 16.0.1 and now 16.0.2.
16.0.2 suddenly started working again later on. I’d not done anything to fix it.
I agree with DanTe. Try making a complete new profile and see if changes anything. You can try resetting your profile and see if changes anything. Go to about:support and try the reset button. Make a backup of your profile before though
If nothing works, do you have Logitech extension installed on Firefox? I found that Logitech F’d up my Firefox reallly really bad. Disabling it restored all functionality.
Why would Logitech install an extension in Firefox? What’s the purpose of the extension?
Logitech installs Device Detection Extension.
The Logitech Device Detection Extension is a browser add-on that scans your system for attached Logitech hardware. I suppose it does so the hardware will work with Firefox.
Another extension the world does not need, I presume.
That’s funny, I clicked on ALT>Help>About Firefox and I get: 15.0.1 Firefox is up to date.
Something must be wrong with your update checker then. You should at least get Firefox 16.0.1 as the latest version. If nothing helps, download and install manually from the Mozilla website.
Great!. Now NOTHING works!
Machine auto-updated, now I can’t visit any sites. I click on the bookmark, the address bar flashes, then it resets to the home page.
AWESOME security – doesn’t let you vist anywhere, let alone a malware site…