Broadband Tech > Security > Security > Firefox 16.0 Released

reply to antdude

Re: Firefox 16.0 Released

said by antdude:

said by Name Game:

Just stick with v15.0.1 ..will be fixed shortly.

»news.cnet.com/8301-1009_3-575302···ty-flaw/

Yeah, but some of us already have the latest. I don't think we can downgrade without corrupting our data?

reply to PrntRhd

reply to antdude

Thunderbird 16.0 has also been released. I just got the update by checking "about" in TBird. I suppose there will be a 16.0.1 of Thunderbird any day now.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.

Posted, rcdailey
»[Thunderbird] Thunderbird 16.0

reply to La Luna

There is always 10%....cold pizza for you then..was going to have the fox raid the coop and have free range eggs with tofu and non gluten rice cakes. bring your own java.

reply to Name Game
Problem was on my end, had to allow Mozilla in NoScript, then the page allowed 15.01 to be viewed as a choice.

OK..well if you take the dive let us know...I would wait I guess..don't want you calling my Mom and telling her I led you astray.

reply to antdude
antdude don't feel bad ... yesterday I started my day with a nice clean update to FF 16. All was fine all day till later in the afternoon when I did 15 Windows Updates. All 15 updates installed successfully and a restart was required. My computer seemed to have some issues restarting after the Windows updates so much so that I decided to do a system restore. After having done the restore I thought I would leave the Windows Updates for a day or so and then try again. This afternoon I realized that my FF was back to version 15.0.1 and I figured this had happened due to the system restore, however, that is when I realized that it was not re-offering me the option to update to 16 again. I started poking around the Mozilla forums here at DSL and found that some others were saying they were not being offered the new FF update also. So I started wondering if there was something about that FF update that caused issues with my Windows Updates. I've just spent the last hour or two doing each and every Windows update separately and restarting after each update to make sure the computer was starting fine and so far everything is looking good. Of course, just the day before all these updates I had done the recent Flash updates so having done the system restore those all needed redoing as well ... pretty much wasted a good chunk of my time. Hope I don't have the same issues when they re-issue FF16 through the updater.

reply to FF4m3
Mozilla Security —Security Vulnerability in Firefox 16
October 10, 2012 - 5:16 pm (PDT)

quote:

---

Issue:
Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). We are actively working on a fix and plan to ship updates tomorrow. Firefox version 15 is unaffected.

Impact:
The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. At this time we have no indication that this vulnerability is currently being exploited in the wild.

Status:
Firefox 16 has been temporarily removed from the current installer page and users will automatically be upgraded to the new version as soon as it becomes available. As a precaution, users can downgrade to version 15.0.1 by following these instructions [»www.mozilla.org/firefox/new/]. Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability.

Michael Coates
Director of Security Assurance

---

reply to siljaline
I don't see any indication that there will be any immediate patching of TB 16.0, so I guess the update I got will be there for a while.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.

reply to FF4m3
Thanks all for posting about the security issue with v16.

Considering that v15.01 has multiple vulnerabilities that are fixed with v16, my decision is to stick with v16 and update to the 'fixed' version when available rather than to re-expose myself to previous issues.

Users could also use another browser (Chrome) until the repair is released.

reply to rcdailey
Noted, rcdailey

reply to FF4m3
Attack code for Firefox 16 privacy vulnerability now available online

quote:

---

Attack code that exploits a privacy information leak introduced in the latest version of Firefox is available online, making it easy for malicious websites to gather detailed information about users' browsing history unless they downgrade to the previous Mozilla release.

As previously reported, Mozilla officials took the unusual step of temporarily removing Firefox 16 on Wednesday, just one day after it's release. Company officials warned that a security hole introduced in the release "could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters." They went on to say there was no evidence the vulnerability was being exploited by real-world attackers.

---

reply to chachazz

quote:

---

Update (Oct 11, 2012)
A fix for the Android version of Firefox was released at 9pm PT on Oct 10.

---

reply to FF4m3
Firefox 16.0.1 is out via internal updater!

TH