Browser was pulled from download after only a day, to fix bug that could reveal which Web sites a user had visited.
by Steven Musil
| October 11, 2012 4:41 PM PDT
Mozilla released a new version of Firefox (Windows, Mac) today, one day after yanking the Web browser to address security flaws.
Firefox 16 was pulled off Mozilla’s installer page yesterday, just one day after its release, to fix a vulnerability that could have allowed a malicious site to identify which Web sites a user had visited, said Michael Coates, Mozilla’s director of Security Assurance. The flaw was publicly disclosed yesterday by security researcher Gareth Heyes, who published proof-of-concept code to demonstrate the vulnerability.
Though Mozilla said it had no evidence that the vulnerability was being exploited in the wild, the company recommended that users who had upgraded to version 16 downgrade to version 15.0.1, which was deemed unaffected by the flaw.
At noon today, the new version — Firefox 16.0.1 — was released to Mozilla’s upgrade servers and was pushed to users who had previously downloaded Firefox 16. A fix for the Android version of Firefox was released last night.