Firefox 16 Now Back Up After Critical Flaw

 

• New 16.0.1 version
• HTML5 support
• Gareth Heyes publicly disclosed the flaw

Mozilla has placed the Firefox 16 back up after it previously pulled it down after only a day from its release.

 

• New 16.0.1 version
• HTML5 support
• Gareth Heyes publicly disclosed the flaw

Mozilla has placed the Firefox 16 back up after it previously pulled it down after only a day from its release.

The new browser was temporary made unavailable due to a critical bug that could reveal which websites the user had visited, said Michael Coates, Mozilla's director of Security Assurance.

Security researcher Gareth Heyes publicly disclosed the flaw yesterday, complete with a proof-of-concept code to demonstrate the vulnerability.

Later, Mozilla advised users to revert to the previous 15.0.1 version just to be sure. It has just released the latest clean version (16.0.1) today.  A fix for the Android version of Firefox was released last night.

"Mozilla security researcher 'moz_bug_r_a4' reported a regression where security wrappers are unwrapped without doing a security check in defaultValue()," Mozilla.

"This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution."

Mozilla 16 has been released with support for HTML5 and includes CSS3 Animations; Transforms; Transitions; Image Values; Values and Units; and IndexedDB.