Topic 'Re: Firefox 16.0 Released' in forum 'Security' - dslreports.com

Re: Firefox 16.0 Released

Fri, 12 Oct 2012 15:53:53 EDT

chachazz posted : ESR 10.0.9 is up
»www.mozilla.org/en-US/firefox/or···all.html

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 22:37:32 EDT

PrntRhd posted :

OK..well if you take the dive let us know...I would wait I guess..don't want you calling my Mom and telling her I led you astray. :(

I updated to 16.01 today, was not that worried despite some exploit code to take advantage of the flawed version.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 17:17:37 EDT

chachazz posted : Fixed in Firefox ESR 10.0.9
MFSA 2012-89 defaultValue security checks not applied

Look for ESR update soon - »www.mozilla.org/en-US/firefox/or···all.html
--
Gladiator Security Forum: www.gladiator-antivirus.com/

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 16:47:57 EDT

antdude posted :

said by chachazz:

Moz Security Blog - updated the update note..

quote:
Update (Oct 11, 2012)

• An update to Firefox for Windows, Mac and Linux was released at 12pm PT on Oct 11. Users will be automatically updated and new downloads via »www.mozilla.org/firefox/new/ will receive the updated version.
• A fix for the Android version of Firefox was released at 9pm PT on Oct 10.

Got it in updated Mac OS X 10.7.5 and Windows XP Pro. SP3 through Firefox v16.0.0's internal updaters. Is it me or did it give the whole installers (Mac OS X's 32 MB and Windows' 22 MB!)? :(
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 15:18:55 EDT

chachazz posted : Moz Security Blog - updated the update note..

quote:
Update (Oct 11, 2012)

• An update to Firefox for Windows, Mac and Linux was released at 12pm PT on Oct 11. Users will be automatically updated and new downloads via »www.mozilla.org/firefox/new/ will receive the updated version.
• A fix for the Android version of Firefox was released at 9pm PT on Oct 10.

--
Gladiator Security Forum: www.gladiator-antivirus.com/

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 15:18:39 EDT

Triple Helix posted : Here are the Release Notes for 16.0.1: »www.mozilla.org/en-US/firefox/16···senotes/

TH

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 15:04:59 EDT

chachazz posted :

said by Triple Helix:

http://www.dslreports.com/forum/r27613184-

TH ;)

Great!

Get it »www.mozilla.org/en-US/firefox/all.html
--
Gladiator Security Forum: www.gladiator-antivirus.com/

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 15:02:49 EDT

Triple Helix posted : »Re: Mozilla Firefox 16.0.1 Final

TH ;)

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 15:01:29 EDT

chachazz posted :

quote:
said by Triple Helix:
Firefox 16.0.1 is out via internal updater!

TH ;)

Thanks Triple Helix

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 14:42:51 EDT

Triple Helix posted : »Re: Firefox 16.0 Released

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 14:36:56 EDT

siljaline posted : Firefox 16.0.1 may be officially obtained via the internal update mechanism only. I have just successfully updated.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 14:32:19 EDT

Triple Helix posted : Firefox 16.0.1 is out via internal updater!

TH ;)

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 14:30:31 EDT

chachazz posted :

quote:
Update (Oct 11, 2012)
A fix for the Android version of Firefox was released at 9pm PT on Oct 10.

»www.mozilla.org/en-US/firefox/fx/#mobile

said by chachazz:

Mozilla Security —Security Vulnerability in Firefox 16
October 10, 2012 - 5:16 pm (PDT)

quote:
Issue:
Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). We are actively working on a fix and plan to ship updates tomorrow. Firefox version 15 is unaffected.

Impact:
The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. At this time we have no indication that this vulnerability is currently being exploited in the wild.

Status:
Firefox 16 has been temporarily removed from the current installer page and users will automatically be upgraded to the new version as soon as it becomes available. As a precaution, users can downgrade to version 15.0.1 by following these instructions [»www.mozilla.org/firefox/new/]. Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability.

Michael Coates
Director of Security Assurance

--
Gladiator Security Forum: www.gladiator-antivirus.com/

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 14:23:00 EDT

siljaline posted : Attack code for Firefox 16 privacy vulnerability now available online

quote:
Attack code that exploits a privacy information leak introduced in the latest version of Firefox is available online, making it easy for malicious websites to gather detailed information about users' browsing history unless they downgrade to the previous Mozilla release.

As previously reported, Mozilla officials took the unusual step of temporarily removing Firefox 16 on Wednesday, just one day after it's release. Company officials warned that a security hole introduced in the release "could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters." They went on to say there was no evidence the vulnerability was being exploited by real-world attackers.

Article
--
siljaline

Here at Mountain View Chocolate, we�re committed to transparency and choice

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 13:41:58 EDT

siljaline posted : Noted, rcdailey

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 08:41:52 EDT

anon posted : Thanks all for posting about the security issue with v16.

Considering that v15.01 has multiple vulnerabilities that are fixed with v16, my decision is to stick with v16 and update to the 'fixed' version when available rather than to re-expose myself to previous issues.

Users could also use another browser (Chrome) until the repair is released.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 08:32:53 EDT

rcdailey posted : I don't see any indication that there will be any immediate patching of TB 16.0, so I guess the update I got will be there for a while.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 05:32:14 EDT

chachazz posted : Mozilla Security —Security Vulnerability in Firefox 16
October 10, 2012 - 5:16 pm (PDT)

quote:
Issue:
Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). We are actively working on a fix and plan to ship updates tomorrow. Firefox version 15 is unaffected.

Impact:
The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. At this time we have no indication that this vulnerability is currently being exploited in the wild.

Status:
Firefox 16 has been temporarily removed from the current installer page and users will automatically be upgraded to the new version as soon as it becomes available. As a precaution, users can downgrade to version 15.0.1 by following these instructions [»www.mozilla.org/firefox/new/]. Alternatively, users can wait until our patches are issued and automatically applied to address the vulnerability.

Michael Coates
Director of Security Assurance

--
Gladiator Security Forum: www.gladiator-antivirus.com/

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 02:45:36 EDT

MomOfARocker posted : antdude don't feel bad ... yesterday I started my day with a nice clean update to FF 16. All was fine all day till later in the afternoon when I did 15 Windows Updates. All 15 updates installed successfully and a restart was required. My computer seemed to have some issues restarting after the Windows updates so much so that I decided to do a system restore. After having done the restore I thought I would leave the Windows Updates for a day or so and then try again. This afternoon I realized that my FF was back to version 15.0.1 and I figured this had happened due to the system restore, however, that is when I realized that it was not re-offering me the option to update to 16 again. I started poking around the Mozilla forums here at DSL and found that some others were saying they were not being offered the new FF update also. So I started wondering if there was something about that FF update that caused issues with my Windows Updates. I've just spent the last hour or two doing each and every Windows update separately and restarting after each update to make sure the computer was starting fine and so far everything is looking good. Of course, just the day before all these updates I had done the recent Flash updates so having done the system restore those all needed redoing as well ... pretty much wasted a good chunk of my time. Hope I don't have the same issues when they re-issue FF16 through the updater.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 01:00:49 EDT

Name Game posted : OK..well if you take the dive let us know...I would wait I guess..don't want you calling my Mom and telling her I led you astray. :(

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:57:07 EDT

PrntRhd posted : Problem was on my end, had to allow Mozilla in NoScript, then the page allowed 15.01 to be viewed as a choice.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:55:40 EDT

antdude posted :

said by Name Game:

There is always 10%....cold pizza for you then..was going to have the fox raid the coop and have free range eggs with tofu and non gluten rice cakes. :o bring your own java.

Don't forget to flash when butt naked! Also, bring some adobe. ;)
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:51:40 EDT

Name Game posted : There is always 10%....cold pizza for you then..was going to have the fox raid the coop and have free range eggs with tofu and non gluten rice cakes. :o bring your own java.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:44:13 EDT

antdude posted :

said by Name Game:

said by La Luna:

said by antdude:

Let's just hope Mozilla can release the 16.0.1 patch tomorrow without any new issues!

Exactly. I'm not going to try to roll back tonight at 12:20AM, if it gets borked, I'll be up all night trying to fix it, lol!

Everyone IM me your Phone number..credit card number..and I will give you a call when it is safe to come out and even have breakfast waiting. :D

We're not falling for your social engineering and phishing! :P
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:37:06 EDT

Name Game posted :

said by La Luna:

said by antdude:

Let's just hope Mozilla can release the 16.0.1 patch tomorrow without any new issues!

Exactly. I'm not going to try to roll back tonight at 12:20AM, if it gets borked, I'll be up all night trying to fix it, lol!

Everyone IM me your Phone number..credit card number..and I will give you a call when it is safe to come out and even have breakfast waiting. :D
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:34:29 EDT

siljaline posted : Posted, rcdailey
»[Thunderbird] Thunderbird 16.0

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:27:20 EDT

rcdailey posted : Thunderbird 16.0 has also been released. I just got the update by checking "about" in TBird. I suppose there will be a 16.0.1 of Thunderbird any day now.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:23:45 EDT

La Luna posted :

said by antdude:

Let's just hope Mozilla can release the 16.0.1 patch tomorrow without any new issues!

Exactly. I'm not going to try to roll back tonight at 12:20AM, if it gets borked, I'll be up all night trying to fix it, lol!

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:21:32 EDT

Name Game posted :

said by PrntRhd:

It says 15.01 but when you get to choices, it only gives you 16.0

Strange..here is a screenshot of my download..and if you look in the bottom left corner..I can download 15.01 hmmm.. maybe you have to clear your cache ? or go there with a different browser.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:18:21 EDT

antdude posted :

said by La Luna:

said by antdude:

said by Name Game:

Just stick with v15.0.1 ..will be fixed shortly.

»news.cnet.com/8301-1009_3-575302···ty-flaw/

Yeah, but some of us already have the latest. :( I don't think we can downgrade without corrupting our data?

Same issue here. Shouldn't they release something that can go over the top of 16?

Let's just hope Mozilla can release the 16.0.1 patch tomorrow without any new issues!
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:16:14 EDT

La Luna posted :

said by antdude:

said by Name Game:

Just stick with v15.0.1 ..will be fixed shortly.

»news.cnet.com/8301-1009_3-575302···ty-flaw/

Yeah, but some of us already have the latest. :( I don't think we can downgrade without corrupting our data?

Same issue here. Shouldn't they release something that can go over the top of 16?
--
The Alien in the White House

19,694 DEADLY TERROR ATTACKS SINCE 9/11

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:16:00 EDT

Name Game posted : Then you are telling me this part does not work ?

To go back to 15.0.1, you have to go to the new download page. That does offer you 15.0.1, to which you're recommended to downgrade. Until tomorrow, when version 16 should be released and you can upgrade the downgrade of your upgrade:

Confused? Sorry about that.

If you haven't yet updated from 15.0.1, you're fine. If you already have version 16.0, grab 15.0.1 from the new link
»www.mozilla.org/en-US/firefox/new/

and install it over the no-longer-the-newest 16.0.

Once you've downgraded, you'll get another Hooray! page. This time you will be up to date - for a while, anyway.

And if you're not yet on either 16.0 or 15.0.1, you probably need to have a little chat to yourself about updating in general.

Although this latest issue reminds us that it's occasionally problematic to be too far ahead of the curve, it's always risky to be behind.

--
Gladiator Security Forum
»www.gladiator-antivirus.com/

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:10:32 EDT

PrntRhd posted : It says 15.01 but when you get to choices, it only gives you 16.0

Re: Firefox 16.0 Released

Thu, 11 Oct 2012 00:03:45 EDT

Name Game posted : Naked Security just came out with this...read the last of it especially to get back to 15 with a Hoooray

»nakedsecurity.sophos.com/2012/10···nfusion/

Re: Firefox 16.0 Released

Wed, 10 Oct 2012 23:55:51 EDT

antdude posted :

said by Name Game:

Just stick with v15.0.1 ..will be fixed shortly.

»news.cnet.com/8301-1009_3-575302···ty-flaw/

Yeah, but some of us already have the latest. :( I don't think we can downgrade without corrupting our data?
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: Firefox 16.0 Released

Wed, 10 Oct 2012 23:24:30 EDT

Name Game posted : Just stick with v15.0.1 ..will be fixed shortly.

»news.cnet.com/8301-1009_3-575302···ty-flaw/

Re: v16's Security Risk

Wed, 10 Oct 2012 23:23:22 EDT

siljaline posted : Thanks for this, antdude

v16's Security Risk

Wed, 10 Oct 2012 22:45:53 EDT

antdude posted : »arstechnica.com/security/2012/10···ty-risk/

Re: Firefox 16.0 Released

Wed, 10 Oct 2012 22:43:40 EDT

kickass69 posted : How is it through 6 betas that this security issue wasn't remedied before officially released? Can we blame the damned 6 week cycle or QC issues with Mozilla developers?

Re: Firefox 16.0 Released

Wed, 10 Oct 2012 22:33:05 EDT

antdude posted :

said by therube:

A quick inquiry points to a "security" issue, so you can be sure that FF is going to have a 16.0.1 too.

Great. I wonder how bad it is if it is for those with v16.0 like in Mac OS X 10.8.2 (Mountain Lion). Funny, that I delayed my upgrade until today to ensure there were no problems after a full day. I should had waited a bit longer. :(

I find it interesting that SeaMonkey's web site still shows v2.13 instead of v2.12.1 while Firefox's web site offers v15.0.1 instead of v16.0.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: Firefox 16.0 Released

Wed, 10 Oct 2012 22:26:13 EDT

therube posted : A quick inquiry points to a "security" issue, so you can be sure that FF is going to have a 16.0.1 too.

Re: Firefox 16.0 Released

Wed, 10 Oct 2012 22:24:57 EDT

antdude posted :

said by therube:

Heh.

"This is a tracking bug for Build and Release of SeaMonkey 2.13.1 We expect an actual release on Friday 12 October."

»bugzilla.mozilla.org/show_bug.cgi?id=800217

Ugh, another .1? This is getting silly!
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: Firefox 16.0 Released

Wed, 10 Oct 2012 22:22:24 EDT

therube posted : Heh.

"This is a tracking bug for Build and Release of SeaMonkey 2.13.1 We expect an actual release on Friday 12 October."

»bugzilla.mozilla.org/show_bug.cgi?id=800217

For those who Norton products with its Toolbar...

Wed, 10 Oct 2012 21:35:06 EDT

antdude posted : »community.norton.com/t5/Norton-T···p/821572

»community.norton.com/t5/Norton-I···p/821582

»community.norton.com/t5/Norton-3···p/821578
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: Firefox 16.0 Released

Wed, 10 Oct 2012 21:34:24 EDT

antdude posted :

said by therube:

And while we're here, SeaMonkey 2.13 has also been released.

And it too is not yet available through automatic updates - but for different reasons (waiting till after MS's "Tuesday" updates).
(What did you say, it's Wednesday already. Ah, well.)

SeaMonkey is always slow in getting the internal updates. :(
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: Firefox 16.0 Released

Wed, 10 Oct 2012 20:47:33 EDT

therube posted : And while we're here, SeaMonkey 2.13 has also been released.

And it too is not yet available through automatic updates - but for different reasons (waiting till after MS's "Tuesday" updates).
(What did you say, it's Wednesday already. Ah, well.)