Firefox 16.0.2, Thunderbird 16.0.2 released

Martin Brinkmann
Oct 26, 2012
Email, Firefox, Thunderbird

Mozilla is currently in the process of rolling out an update for the stable version of Firefox that is brining the web browser to version 16.0.2 This is in fact the second update in this release period, the first was released shortly after Firefox 16.0 was pulled by Mozilla due to security issues found in the version.

Firefox 16.0.2 fixes critical security vulnerabilities in Firefox's location object. Affected are Firefox stable releases, Firefox Extended Support Releases, Thunderbird stable and ESR, and SeaMonkey. Mozilla notes that the desktop email client Thunderbird is only affected by location issues through RSS feeds or extensions that load web contents. It is however still recommended to upgrade the email client to fix the issues at hand.

Below is a list of issues fixed in the new release:

  • Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.
  • Mozilla security researcher moz_bug_r_a4 discovered that the CheckURL function in window.location can be forced to return the wrong calling document and principal, allowing a cross-site scripting (XSS) attack. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content.
  • Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object.

Firefox 16.0.2 is already available via automatic update. If your browser has not picked up the new version yet do the following to check for the update manually:

  1. Click on the Firefox button
  2. Select Help > About Firefox from the menu that opens up

The browser checks for the update manually and will download and install it afterwards. To manually check for updates in Thunderbird, select Help > About Thunderbird when the email program is open.

You can alternatively download the latest version of Firefox or Thunderbird from Mozilla.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Seabat said on November 3, 2012 at 3:53 pm

    I have never had any problems with FF, TB or automatic updates. Perhaps too much tweaking to get more than there can be got is not a good thing to do?

  2. dthrich said on November 3, 2012 at 3:00 am

    Having a weird issue. Downloaded thunderbird 16.0.2 running on Windows 8. Inbound emails works great but I can’t send an email. Setting are correct and I can use other email clients. Anyone else having this issue?

    1. Martin Brinkmann said on November 3, 2012 at 8:53 am

      I’m not having the issue. Do you get an error message when sending mail fails?

  3. WES said on October 30, 2012 at 4:41 pm

    THUNDERBIRD 16.0.2
    SEEN this model of stupidity, and arrogance from TB; that is if words mean what is wrote
    Silent, Background Updates
    Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up. This eliminates the update progress dialog on all platforms and on Windows, it removes the need for the User Access Control dialog, making updating easier and quicker.
    OF course, if TB tries that, they’re toast, burnt toast, unwelcome

  4. WES said on October 30, 2012 at 4:32 pm

    THUNDERBIRD 16.0.2

  5. ChaplainCBE said on October 30, 2012 at 6:25 pm

    Having problems accessing one of my email accounts on yahoo. Firefox will let me into one of my yahoo email accounts but not the other. I’ll be on my sign in page & after I put in my id & password the web page jumps to
    & I get a warning …..
    This Connection is Untrusted
    You have asked Firefox to connect securely to, but we can’t confirm that your connection is secure.
    Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site’s identity can’t be verified.
    What Should I Do?
    If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn’t continue. uses an invalid security certificate.
    The certificate is only valid for *
    (Error code: ssl_error_bad_cert_domain)

    Very frustrating.

  6. X said on October 29, 2012 at 1:21 am

    Those experiencing issues with the new version might want to uninstall ZoneAlarm.

  7. yclee said on October 28, 2012 at 4:43 am

    tbird didn’t show 16.02 yet. also doesn’t show it on official website. probably only on ftp but not officially released.

  8. anon said on October 27, 2012 at 8:32 pm

    Fuck this update. It broke streaming from putlocker and sockshare.

  9. Tim Jacobs said on October 27, 2012 at 7:27 pm

    No Logitech extension. And it still goes “Not responding” occasionally, and doesn’t self-recover.

  10. elee wright said on October 27, 2012 at 6:29 pm

    it is faster and less hang outs

  11. Tim Jacobs said on October 27, 2012 at 11:46 am

    Hmm. The Logitech thing might be it. I recently installed a new unified keyboard. I don’t know if that coincides with the constant crashing of 16.0.1 and now 16.0.2.
    16.0.2 suddenly started working again later on. I’d not done anything to fix it.

  12. Ray said on October 27, 2012 at 10:10 am

    I agree with DanTe. Try making a complete new profile and see if changes anything. You can try resetting your profile and see if changes anything. Go to about:support and try the reset button. Make a backup of your profile before though

  13. DanTe said on October 27, 2012 at 5:07 am

    If nothing works, do you have Logitech extension installed on Firefox? I found that Logitech F’d up my Firefox reallly really bad. Disabling it restored all functionality.

    1. Martin Brinkmann said on October 27, 2012 at 8:06 am

      Why would Logitech install an extension in Firefox? What’s the purpose of the extension?

      1. ilev said on October 27, 2012 at 9:49 am

        Logitech installs Device Detection Extension.

        The Logitech Device Detection Extension is a browser add-on that scans your system for attached Logitech hardware. I suppose it does so the hardware will work with Firefox.

      2. Martin Brinkmann said on October 27, 2012 at 10:14 am

        Another extension the world does not need, I presume.

  14. waxplayer said on October 27, 2012 at 3:24 am

    That’s funny, I clicked on ALT>Help>About Firefox and I get: 15.0.1 Firefox is up to date.

    1. Martin Brinkmann said on October 27, 2012 at 8:00 am

      Something must be wrong with your update checker then. You should at least get Firefox 16.0.1 as the latest version. If nothing helps, download and install manually from the Mozilla website.

  15. Tim Jacobs said on October 27, 2012 at 1:47 am

    Great!. Now NOTHING works!
    Machine auto-updated, now I can’t visit any sites. I click on the bookmark, the address bar flashes, then it resets to the home page.

    AWESOME security – doesn’t let you vist anywhere, let alone a malware site…

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.