Mozilla discovers security flaw in Firefox 16, takes downloads offline [UPDATED]

11 Oct 2012

Did you rush to upgrade to Firefox 16 when it was released yesterday? Well, you may want to go back and downgrade as Mozilla has spotted a security flaw in the release which is so serious that the company has taken downloads of the latest version offline.

“The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters,” Mozilla’s director of security assurance Michael Coates wrote on the Mozilla Security Blog. “At this time we have no indication that this vulnerability is currently being exploited in the wild.”

While the vulnerability has not yet been exploited, it’s clearly a critical issue to have prompted Mozilla to pull its new release. The company is working quickly to patch the problem and an update is expected as soon as today. When available, this will be rolled out to all Firefox 16 users automatically.

In the meantime, more cautious users can downgrade to Firefox 15.0.1, which is unaffected by this issue, via the Mozilla website.

UPDATE: As expected, the issue has been resolved by the Mozilla team and Firefox 16.0.1 is available now for Windows, Mac and Linux. Those who previously downloaded Firefox 16 will automatically be updated.

Elaine Burke is the editor of Silicon Republic