Firefox 16.0.2, Thunderbird 16.0.2 released - gHacks Tech News

Firefox 16.0.2, Thunderbird 16.0.2 released

Mozilla is currently in the process of rolling out an update for the stable version of Firefox that is brining the web browser to version 16.0.2 This is in fact the second update in this release period, the first was released shortly after Firefox 16.0 was pulled by Mozilla due to security issues found in the version.

Firefox 16.0.2 fixes critical security vulnerabilities in Firefox's location object. Affected are Firefox stable releases, Firefox Extended Support Releases, Thunderbird stable and ESR, and SeaMonkey. Mozilla notes that the desktop email client Thunderbird is only affected by location issues through RSS feeds or extensions that load web contents. It is however still recommended to upgrade the email client to fix the issues at hand.

Below is a list of issues fixed in the new release:

  • Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users.
  • Mozilla security researcher moz_bug_r_a4 discovered that the CheckURL function in window.location can be forced to return the wrong calling document and principal, allowing a cross-site scripting (XSS) attack. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content.
  • Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object.

firefox 16.0.2

Firefox 16.0.2 is already available via automatic update. If your browser has not picked up the new version yet do the following to check for the update manually:

  1. Click on the Firefox button
  2. Select Help > About Firefox from the menu that opens up

The browser checks for the update manually and will download and install it afterwards. To manually check for updates in Thunderbird, select Help > About Thunderbird when the email program is open.

You can alternatively download the latest version of Firefox or Thunderbird from Mozilla.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Tim Jacobs said on October 27, 2012 at 1:47 am
      Reply

      Great!. Now NOTHING works!
      Machine auto-updated, now I can’t visit any sites. I click on the bookmark, the address bar flashes, then it resets to the home page.

      AWESOME security – doesn’t let you vist anywhere, let alone a malware site…

    2. waxplayer said on October 27, 2012 at 3:24 am
      Reply

      That’s funny, I clicked on ALT>Help>About Firefox and I get: 15.0.1 Firefox is up to date.

      1. Martin Brinkmann said on October 27, 2012 at 8:00 am
        Reply

        Something must be wrong with your update checker then. You should at least get Firefox 16.0.1 as the latest version. If nothing helps, download and install manually from the Mozilla website.

    3. DanTe said on October 27, 2012 at 5:07 am
      Reply

      If nothing works, do you have Logitech extension installed on Firefox? I found that Logitech F’d up my Firefox reallly really bad. Disabling it restored all functionality.

      1. Martin Brinkmann said on October 27, 2012 at 8:06 am
        Reply

        Why would Logitech install an extension in Firefox? What’s the purpose of the extension?

        1. ilev said on October 27, 2012 at 9:49 am
          Reply

          Logitech installs Device Detection Extension.

          The Logitech Device Detection Extension is a browser add-on that scans your system for attached Logitech hardware. I suppose it does so the hardware will work with Firefox.

        2. Martin Brinkmann said on October 27, 2012 at 10:14 am
          Reply

          Another extension the world does not need, I presume.

    4. Ray said on October 27, 2012 at 10:10 am
      Reply

      I agree with DanTe. Try making a complete new profile and see if changes anything. You can try resetting your profile and see if changes anything. Go to about:support and try the reset button. Make a backup of your profile before though

    5. Tim Jacobs said on October 27, 2012 at 11:46 am
      Reply

      Hmm. The Logitech thing might be it. I recently installed a new unified keyboard. I don’t know if that coincides with the constant crashing of 16.0.1 and now 16.0.2.
      16.0.2 suddenly started working again later on. I’d not done anything to fix it.

    6. elee wright said on October 27, 2012 at 6:29 pm
      Reply

      it is faster and less hang outs

    7. Tim Jacobs said on October 27, 2012 at 7:27 pm
      Reply

      No Logitech extension. And it still goes “Not responding” occasionally, and doesn’t self-recover.

    8. anon said on October 27, 2012 at 8:32 pm
      Reply

      Fuck this update. It broke streaming from putlocker and sockshare.

    9. yclee said on October 28, 2012 at 4:43 am
      Reply

      tbird didn’t show 16.02 yet. also doesn’t show it on official website. probably only on ftp but not officially released.

    10. X said on October 29, 2012 at 1:21 am
      Reply

      Those experiencing issues with the new version might want to uninstall ZoneAlarm.

    11. ChaplainCBE said on October 30, 2012 at 6:25 pm
      Reply

      Having problems accessing one of my email accounts on yahoo. Firefox will let me into one of my yahoo email accounts but not the other. I’ll be on my sign in page & after I put in my id & password the web page jumps to
      https://edit.yahoo.com/config/change_pw?.src=ym&.done=http%3a//mail.yahoo.com&.scrumb=D1iqKKJOnc6
      & I get a warning …..
      This Connection is Untrusted
      You have asked Firefox to connect securely to edit.yahoo.com, but we can’t confirm that your connection is secure.
      Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site’s identity can’t be verified.
      What Should I Do?
      If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn’t continue.
      edit.yahoo.com uses an invalid security certificate.
      The certificate is only valid for *.edit.yahoo.com
      (Error code: ssl_error_bad_cert_domain)

      Very frustrating.

    12. WES said on October 30, 2012 at 4:32 pm
      Reply

      THUNDERBIRD 16.0.2

    13. WES said on October 30, 2012 at 4:41 pm
      Reply

      THUNDERBIRD 16.0.2
      SEEN this model of stupidity, and arrogance from TB; that is if words mean what is wrote
      Silent, Background Updates
      Thunderbird will now download and apply updates in the background allowing you to start quickly the next time Thunderbird starts up. This eliminates the update progress dialog on all platforms and on Windows, it removes the need for the User Access Control dialog, making updating easier and quicker.
      OF course, if TB tries that, they’re toast, burnt toast, unwelcome

    14. dthrich said on November 3, 2012 at 3:00 am
      Reply

      Having a weird issue. Downloaded thunderbird 16.0.2 running on Windows 8. Inbound emails works great but I can’t send an email. Setting are correct and I can use other email clients. Anyone else having this issue?

      1. Martin Brinkmann said on November 3, 2012 at 8:53 am
        Reply

        I’m not having the issue. Do you get an error message when sending mail fails?

    15. Seabat said on November 3, 2012 at 3:53 pm
      Reply

      I have never had any problems with FF, TB or automatic updates. Perhaps too much tweaking to get more than there can be got is not a good thing to do?

    Leave a Reply